Facebook says it has taken action against hackers in China, who are using fake accounts to spy on Uighur Muslims.
The company said the sophisticated network had targeted activists, journalists, and dissidents from China’s Xinjiang region.
The hacker groups – named as “Earth Empusa”, “PosionCarp”, or “Evil Eye” – also focused on individuals living abroad in the United States, Australia, Canada, Turkey, Kazakhstan, Syria, and other countries, Facebook said.
The social network said the group attempted to gain access to the computers and phones by creating fake Facebook accounts, as well as fake websites and apps intended to appeal to a Uighur audience, such as dictionaries or prayer apps.
If someone clicked on the websites, their device would be infected with spying software, which could obtain information such as the victim’s location and contacts, according to FireEye, a cybersecurity firm that worked on the investigation.
“This group used various cyberespionage tactics to identify its targets and infect their devices with malware to enable surveillance,” Facebook said in a statement.
“[They] set up malicious websites that used look-alike domains for popular Uighur and Turkish news sites.”
“This activity had the hallmarks of a well-resourced and persistent operation while obfuscating who’s behind it.”
Facebook’s investigation found links between the hackers and two technology firms based in China, but the company did not specify a connection to the Chinese government.
“We see clear links to the companies and geographic locations of this activity, but we can’t formally prove who is behind this operation,” Nathaniel Gleicher, Facebook’s head of security regulations, said at a news conference.
“These China-based firms are likely part of a sprawling network of vendors, with varying degrees of operational security.”
Facebook said it had removed the group’s accounts on the platform, which numbered less than 100, and had blocked the sharing of the malicious domains.
In all, fewer than 500 people were targeted by the hackers in 2019 and 2020, Facebook said, adding that they had notified the suspected targets.
On Monday, the European Union has imposed the first sanctions against China in more than 30 years, including against one entity believed to be involved in alleged human rights violations of the Uighur Muslim minority.
China has denied all accusations of abuse and says its camps provide vocational training and are needed to fight extremism.