In yet another incident that exposes China’s targeting of Uighur community members, Facebook on Wednesday revealed that it had blocked a group of hackers in China who used the platform to target Uighurs living abroad with links to malware, infecting their device to initiate China’s surveillance.
The social media company said the hackers, known as Earth Empusa or Evil Eye in the security industry, targeted activists, journalists and dissidents who were predominantly Uighurs, a largely Muslim ethnic group facing persecution in China.
The social media giant said that there were less than 500 targets, who were largely from the Xinjiang region but were primarily living abroad in countries including Turkey, Kazakhstan, the United States, Syria, Australia and Canada.
“This activity had the hallmarks of a well-resourced and persistent operation while obfuscating who’s behind it,” Facebook cybersecurity investigators said.
The Chinese hackers set up malicious websites using look-alike domains for popular Uighur and Turkish news sites and compromised legitimate websites visited by the targets. Facebook also found websites created by the group to mimic third-party Android app stores with Uighur-themed apps, like a prayer app and dictionary app, containing malware.