Facebook says it blocked hackers in China who were trying to spy on Uyghur Muslims abroad
GUANGZHOU, China — Facebook said Wednesday it had blocked a group of hackers from China who were using malicious websites to infect the devices of Uyghur Muslims living abroad to enable surveillance.
The hacking group — known as Earth Empusa or Evil Eye — used a variety of techniques to infect their targets’ devices, said the social media company.
In one example, the hackers set up malicious websites that used look-alike domains for popular Uyghur and Turkish news sites, Facebook said. If a user visited those sites, their device could be infected with code that would enable the hackers to surveil the device.
The ethnic Uyghurs mostly live in the region of Xinjiang in north-western China. They have been identified by the United Nations, United States, United Kingdom and others as a repressed group. Authorities allegedly use widespread surveillance technology to monitor the Uyghur population — allegations that the Chinese government denies.
Facebook did not link the blocked China hacking group to the Chinese government.
The tech giant said the hackers also appeared to have compromised legitimate websites that were visited frequently by their targets.
The hackers also used fake accounts on Facebook to “create fictitious personas posing as journalists, students, human rights advocates or members of the Uyghur community to build trust with people they targeted and trick them into clicking on malicious links.”
Facebook said it found websites designed to look like third-party Android app stores “where they published Uyghur-themed applications, including a keyboard app, prayer app, and dictionary app.” Any apps downloaded from these sites contained malicious software to infect devices.
The Chinese hacking group targeted activists, journalists and dissidents, predominantly among Uyghurs from Xinjiang in China who mostly live abroad in Turkey, Kazakhstan, the United States, Syria, Australia, Canada and other countries, Facebook said.
The intention was to “infect their devices with malware to enable surveillance.”
Facebook said it blocked malicious website domains from being shared on its platform and took down the hacking group’s accounts in order to disrupt its activity. The U.S. social network said it also notified people who it believed were targeted.
In their first coordinated move, the U.S., European Union, Britain and Canada jointly imposed sanctions on Chinese officials over China’s alleged human rights violations and abuses in Xinjiang.
“The evidence, including from the Chinese Government’s own documents, satellite imagery, and eyewitness testimony is overwhelming,” said a joint statement by the U.S., U.K. and Canada.
“We are united in calling for China to end its repressive practices against Uyghur Muslims and members of other ethnic and religious minority groups in Xinjiang, and to release those arbitrarily detained,” they said.