The head of social media Facebook cybersecurity announced at a press conference held in San Francisco on April 24 that Chinese hacker phishing was found on the Facebook platform targeting overseas Uyghurs, or their supporters, journalists and other target accounts, but Facebook did not say whether this was an act of the Chinese government, saying it could not determine the true identity of these Hackers.
Facebook’s cybersecurity chief said at a press conference that they have found groups of hackers using Facebook and other websites and mobile software to track and monitor hundreds of targeted accounts associated with overseas Uighurs. The targets are activists, journalists or overseas Uyghurs’ accounts. Surveillance viruses are planted on users’ computers or cell phones by luring the relevant target to click on a link containing malware.
Facebook said that while they could clearly see which groups and regions these actions were coming from, they could not prove who was behind the actions.
Facebook’s head of cybersecurity later also pointed out in a communiqué that all indications are that these actions operate for a long Time, have sufficient resources and can hide the identity of the operator.
According to the Facebook bulletin, these hacking actions are usually done outside of the Facebook platform, on some legitimate news sites, by planting fake software that may be of interest to overseas Uyghurs, such as dictionaries or prayer software. That is, through the so-called puddle attack method in cyber attacks, malware is planted on websites that the targeted target may feel comfortable visiting.
These hackers set up fake accounts on Facebook platforms, claiming to be journalists, or human rights activists, or Uyghurs, and use them to get in touch with their targets and lure them to click on relevant links, allowing the spotters to access the targets’ information, and cell phone cameras and microphones. The preferred targets are Uyghurs from Xinjiang who are currently living in Australia, Canada, Kazakhstan, Syria, Turkey, the United States or other countries.
Facebook said that although the hacks involved fewer than 500 accounts worldwide, the impact of the resulting surveillance systems set up would be severe. Facebook has already blocked the domains on its platform where the malware was planted, deleted the accounts of the various groups involved and notified the victims involved. Facebook has also shared the information with other social media outlets.
The hacker groups are named “Earth Empusa”, “Poison Carp” ou “Evil Eye”.