A Facebook security team delving into the activities of Chinese state agents on the social media platform found that Chinese hackers targeted Uyghur activists and journalists living in the United States.
“They targeted activists, journalists, and dissidents among Uyghurs and other Muslim minorities from Xinjiang in China primarily living abroad in Turkey, Kazakhstan, the United States, and other countries,” Facebook said in a post on Wednesday.
The company described the digital espionage efforts in an extensive report covering a wide range of threats to the platform, including cyber espionage campaigns, influence operations and attempts to hack Facebook by both state actors and other groups.
Facebook says it took action against a group of hackers in China known as “Evil Eye” and “Earth Empusa.” Facebook’s efforts were designed to disrupt their ability to use their infrastructure to abuse Facebook’s platform by distributing malware and hacking people’s accounts across the internet.
“This activity had the hallmarks of a well-resourced and persistent operation while obfuscating who’s behind it,” said Facebook. “On our platform, this cyber-espionage campaign manifested primarily in sending links to malicious websites rather than direct sharing of the malware itself. We saw this activity slow down at various times, likely in response to our and other companies’ actions to disrupt their activity.”
According to Facebook, the Chinese hackers created fake accounts and posed in a variety of roles, including journalists, students and human rights advocates, to convince targets to click on links that sent them to malicious websites, which would enable the hackers to infect their phones.
Additionally, the hackers built lookalike app stores to trick targets into downloading Uyghur-themed apps that would exploit the phones they were installed on, reports Heimdal Security.
“We’ve observed this group use several distinct Android malware families,” stated Facebook. “Specifically, our investigation and malware analysis found that Beijing Best United Technology Co., Ltd. (Best Lh) and Dalian 9Rush Technology Co., Ltd. (9Rush), two Chinese companies, are the developers behind some of the Android tooling deployed by this group. Our assessment of one of them benefited from research by FireEye, a cybersecurity company. These China-based firms are likely part of a sprawling network of vendors, with varying degrees of operational security.”
In January, the United States declared China to be committing genocide and crimes against humanity against Uyghurs and other ethnic minorities in Xinjiang province. Former Secretary of State Mike Pompeo estimated that as many as two million Uyghurs and members of other ethnic minority groups are detained across the region.