Facebook says Chinese hackers tried to spy on Uyghur Muslims abroad

The Facebook logo is displayed on a phone screen and keyboard.

Jakub Porzycki | NurPhoto via Getty Images

GUANGZHOU, China – Facebook said on Wednesday it had blocked a group of hackers from China who were using malicious websites to infect the devices of Uyghur Muslims living abroad to enable surveillance.

The hacking group – known as Earth Empusa or Evil Eye – used a variety of techniques to infect their targets’ devices, the social media company said.

In one example, the hackers set up malicious websites using similar domains for popular Uighur and Turkish news sites, according to Facebook. When a user visits these websites, their device may be infected with code that allows the hackers to monitor the device.

The ethnic Uighurs live mainly in the Xinjiang region in northwest China. They have been identified as an oppressed group by the United Nations, the United States, the United Kingdom, and others. Authorities are reportedly using widespread surveillance technology to monitor the Uighur population – allegations the Chinese government denies.

Facebook has not linked the blocked China hacking group to the Chinese government.

The tech giant said the hackers apparently also compromised legitimate websites that their targets frequently visited.

The hackers also used fake accounts on Facebook to “create fictional people posing as journalists, students, human rights activists, or members of the Uyghur community in order to build trust with audiences and trick them into clicking malicious links”.

Facebook said it had found websites designed to look like third-party Android app stores “that publish Uyghur applications, including a keyboard app, a prayer app and a dictionary app”. All apps downloaded from these websites contained malicious software to infect devices.

The Chinese hacking group was directed against activists, journalists and dissidents, mainly among Uyghurs from Xinjiang in China, who mainly live abroad in Turkey, Kazakhstan, the USA, Syria, Australia, Canada and other countries.

The intent was “to infect their devices with malware to enable surveillance”.

Facebook said it blocked malicious website domains from being shared on its platform and deleted the hacking group’s accounts to disrupt activity. The U.S. social network said it had also notified people it believed were targeted.

In their first coordinated step, the US, European Union, UK and Canada jointly imposed sanctions on Chinese officials for alleged human rights abuses and abuses in Xinjiang.

“The evidence, including the Chinese government’s own documents, satellite images and testimony, is overwhelming,” said a joint US, UK and Canada statement.

“We agree that we urge China to end its repressive practices against Uighur Muslims and members of other ethnic and religious minorities in Xinjiang and to release those arbitrarily detained,” they said.

Comments are closed.