Facebook Inc reported on Wednesday that it had uncovered a group of Chinese hackers who were using the platform to hack accounts and spread malware. They targeted activists, journalists, and dissidents among Uighurs from Xinjiang living abroad in Turkey, Kazakhstan, Syria, and the United States, according to the company.
According to Facebook, the hackers used various cyber espionage techniques to identify vulnerable targets and infect their devices with malware to allow surveillance. They are known in the security industry as ‘Earth Empusa’ or ‘Evil Eye.’
“This activity had the hallmarks of a well-resourced and persistent operation while obfuscating who’s behind it,” Facebook’s security team stated.
Facebook stopped short of directly blaming the Chinese government for sponsoring the campaign. “We can see geographic attribution based on the activity, but we can’t actually prove who’s behind the operation,” the company’s head of cybersecurity policy, Nathaniel Gleicher, said in a phone call with journalists.
Facebook reported that the hackers are part of the same activity that cybersecurity firm Volexity connected to the Chinese government in 2019. Volexity released research revealing that the country’s hackers went to great lengths to hack and spy on Uighurs.
China has come under fire for its treatment of the mainly Muslim Uighurs in the Chinese province of Xinjiang. China has also been accused by the United States of committing genocide against the group.
Only infecting people with iOS malware allowed the hacker group to hide their behaviour and malicious tools, bypassing technical checks such as IP address, operating system, browser, and language settings.