A group of hackers in China used Facebook to target Uyghurs living in the United States and in other countries to “infect devices with malware to enable surveillance,” the social media platform reported on March 24.
According to a statement from Facebook, the group known as Earth Empusa or Evil Eye used the platform to primarily share links to malicious websites instead of directly sharing the malware itself and targeted fewer than 500 accounts.
“They targeted activists, journalists and dissidents predominantly among Uyghurs from Xinjiang in China primarily living abroad in Turkey, Kazakhstan, the United States, Syria, Australia, Canada and other countries,” Facebook stated.
“This group used fake accounts on Facebook to create fictitious personas posing as journalists, students, human rights advocates or members of the Uyghur community to build trust with people they targeted and trick them into clicking on malicious links,” Facebook said.
Facebook also said that the hackers created malicious websites that used look-alike domains for popular Uyghur and Turkish news sites and compromised legitimate websites often visited by their targets.
Facebook also found that the hackers created websites that mimic third-party Android app stores to publish Uyghur-themed apps.
“This activity had the hallmarks of a well-resourced and persistent operation while obfuscating who’s behind it,” Facebook’s Cyber Espionage Investigations Head Mike Dvilyanski and Security Policy Head Nathaniel Gleicher wrote in the statement.
In its investigation, Facebook found that two Chinese companies — Beijing Best United Technology Co., Ltd. (Best Lh) and Dalian 9Rush Technology Co., Ltd. (9Rush) — developed some of the Android tooling deployed by the hackers.
“These China-based firms are likely part of a sprawling network of vendors, with varying degrees of operational security,” Facebook said.
Facebook said it has removed the accounts of the group, which were fewer than 100.
© Fourth Estate
® — All Rights Reserved.
This material may not be published, broadcast, rewritten or redistributed.