On Wednesday, Facebook disclosed that a group of Chinese hackers had tried to use its platform to target people in the Uyghur community. The company says the collective, which is known as Earth Empusa or Evil Eye, went after about 500 individuals, many of whom were activists, journalists and dissidents living abroad in countries like the US, Australia and Canada. The Uyghurs are a mostly Muslim Turkic minority ethnic group that is persecuted in China, and has been targeted by Evil Eye in the past.
In this case, the group’s efforts were thorough and multifaceted. The hackers created fake Facebook accounts to pose as members of the Uygur community to try and trick their targets into clicking on links to malicious websites. They also set up fake websites and an Android app store to distribute software with malware hidden in its code. The company linked those malicious apps to two Chinese developers, but stopped short of implicating the Chinese government in the campaign. “This activity had the hallmarks of a well-resourced and persistent operation, while obfuscating who’s behind it,” Facebook said.
On Facebook itself, the group’s efforts primarily consisted of using the platform to send links to malicious websites instead of sharing any malware there directly. Facebook said it had shared its finding with other companies so that they too can detect the group’s hacking attempts and stop them.