Social media company Facebook said Wednesday it has blocked a group of Chinese Hackers from using the platform to attack Uighurs living overseas, using malware to infect targeted devices to carry out surveillance.
The hackers, known in the security industry as Earth Empusa or Evil Eye, were targeting activists, journalists and dissidents, mainly Uighurs, Facebook said.
Facebook said fewer than 500 people were targeted, mostly from the Xinjiang region but living mainly overseas, including Turkey, Kazakhstan, the United States, Syria, Australia and Canada.
The company said most of the hacking activity occurred outside of Facebook, which they used to share links to malicious websites, rather than sharing malware directly on the platform.
“This activity is well resourced and ongoing, and there is confusion as to who is behind it.” Facebook cybersecurity investigators said in a blog post.
Facebook said the hacker group used fake Facebook accounts, disguised as journalists, students, human rights advocates or members of the Uighur community, to build trust with their targets and lure them into clicking on malicious links, which would leave their devices loaded with spyware.
Facebook said the hackers not only used domains that looked similar to popular Uyghur and Turkish news sites to create malicious websites, but also disrupted legitimate pages visited by targeted individuals. Facebook also found that the hacker group created websites that mimicked third-party Android App stores with Uyghur-themed apps, such as a prayer app and dictionary app, that contained malware .
Facebook said its investigation found that two Chinese companies, Beijing Best United Technology and Dalian9Rush Technology, developed the Android tools used by the group.
The Chinese Embassy in the United States has not yet responded to a request for comment.
Reuters was unable to find contact information for Dalian9Rush Technology, and a man who answered the phone at Beijing Best United Technology hung up.
Facebook said it has deleted fewer than 100 accounts of the group and banned the sharing of malicious links, and has notified those it believes were targeted. (END)
Recent Comments