Facebook is taking action against Chinese hacker groups who are spying on Uyghurs

Facebook is taking action against Chinese hacker groups whose primary target is Uyghurs living abroad. The aim was to spy on activists, journalists and dissidents using smartphone malware. The hackers used fake Facebook accounts that linked to seemingly legitimate but fake, malware-infected websites as well as Android and iOS apps.

Facebook holds the hacker groups Earth Empusa and Evil Eye responsible for attacks on the mostly Muslim Uyghurs. The perpetrators were well equipped and persistent, and successfully concealed themselves. Facebook was able to identify two Chinese companies as the authors of the malware: Beijing Best United Technology and Dalian 9Rush Technology. Facebook avoids mentioning any direct involvement of the Chinese government.

The hacker groups have been creating fake Facebook accounts since 2019, misusing the names of well-known journalists, students, human rights activists and other members of the Uyghur community. These accounts advertised fake versions of highly reputable websites and apps. Visitors to these websites were infected with malware via JavaScript. The hackers were also able to infect some real websites that are heavily used by Uyghurs.

The Android and iOS apps that were also linked were fakes of apps popular with Uyghurs. These served as Trojans to spy on smartphones. The hackers were able to access contacts, GPS coordinates and even data from other apps such as Signal, WhatsApp, Telegram, Gmail and Hangouts.

The EU already imposed sanctions on China this week. These are based on the allegation that Uyghurs in the autonomous province of Xinjiang (Uighur شینجاڭ) are being monitored in violation of human rights and that large numbers are being held in camps for long periods of time. The Chinese say that the surveillance is necessary to protect against terrorist attacks. The US even calls China’s actions genocide. The Canadian and Dutch parliaments have also passed resolutions condemning China for genocide.

The Chinese government denies any involvement in hacker attacks. Users in Europe are unlikely to be affected by the activity described by Facebook, unless they themselves belong to the Uyghur minority or have contacts with Uyghur dissidents. Facebook has now blocked the links to the infected websites on its platform, deleted the accounts created by the hackers and notified people who might be targeted.

