Advertisement

Facebook removes Chinese hackers targeting Uighur users

Facebook said the Chinese hacking group conducted a cyber espionage campaign to spy on Uighurs living abroad. Photo by Keizo Mori/UPI
Facebook said the Chinese hacking group conducted a cyber espionage campaign to spy on Uighurs living abroad. Photo by Keizo Mori/UPI | License Photo

March 24 (UPI) -- Facebook said Wednesday that it has blocked a group of Chinese hackers who were using its social media platform to target Uighurs primarily living abroad with malware in order to surveil them.

"They targeted activists, journalists and dissidents predominantly among Uighurs from Xinjiang in China primarily living about in Turkey, Kazakhstan, the United States, Syria, Australia, Canada and other countries," Facebook said in a blog post.

Advertisement

The hacker group, known in the industry as Earth Empusa or Evil Eye, employed "various cyber espionage tactics" to identify their targets whose devices they would then infect with malware to enable surveillance.

According to Facebook, the hackers concealed their identities to infect the devices of their targets, even creating malicious websites spoofed to appear as genuine popular Uighur and Turkish news sites as well as having compromised legitimate websites members of this Muslim minority community frequented.

RELATED Advocacy group sues Facebook for failing to provide safe online environment

The group also created fake Facebook accounts posing as journalists, students, human rights activists or other Uighurs in order to build a relationship with those they wanted to surveil with the intent to build trust to convince them to click on malicious links, it said. They also erected websites to appear as third-party smartphone application stores where they would publish infected Uighur-themed products, such as keyboard, prayer and dictionary applications.

Advertisement

"This activity had the hallmarks of a well-resourced and persistent operation while obfuscating who's behind it," Facebook said. "On our platform, this cyber espionage campaign manifested primarily in sending links to malicious website rather than direct sharing of the malware itself."

Facebook observed the activity of this group slow at various times, which it equates with efforts by other companies to disrupt their malign actions, it said, without elaborating.

RELATED China, Russia slam West for 'interference' after human rights sanctions

The United States has accused China of committing genocide against its Muslim minority Uighur citizens who live in the western Xinjiang province.

The U.S. State Department said China has interned more than a million Uighurs in camps between 2017 and last year but Beijing describes them as for the purpose of re-education to prevent terrorism.

The State Department, however, accuses China of committing human rights abuses against this population, including unlawful killings, forced disappearances, torture, arbitrary detention, forced labor, intrusive surveillance and severe restrictions on religious freedoms, among a long list of other such transgressions.

RELATED U.S. sanctions Chinese officials over Uighur human rights abuses

Facebook said it has blocked the malicious websites from its platform, removed the group's Facebook accounts and notified those who it believes were targeted.

Latest Headlines