1. Skip to content
  2. Skip to main menu
  3. Skip to more DW sites

Chinese hackers target Uyghurs abroad on Facebook

March 24, 2021

Facebook has said it blocked a group of Chinese hackers that used the platform to target Uyghur activists living abroad and compromise their security by using surveillance software.

A pro-Uyghur protest at the Chinese embassy in Istanbul
Uyghurs living abroad are spearheading awareness campaigns Image: Getty Images/AFP/O. Kose

Chinese hackers used fake Facebook accounts and websites in an attempt to break into computers and smartphones of Uyghur activists, journalists and dissidents, the social media company announced Wednesday.

Facebook said it was able to detect and disrupt the hacking operation by removing the group's accounts, which numbered less than 100. It also blocked the malware domains and notified those whose accounts were compromised. 

The targets of the cyberespionage numbered less than 500 accounts of Uyghurs from the Xinjiang region in China now living in Australia, Canada, Kazakhstan, Syria, Turkey and the United States, Facebook said. 

The Uyghurs are a Muslim minority group from northwest China. Over 1 million Uyghur are thought to be held in a vast network of camps, in what many nations have condemned as a systematic campaign of repression. The US has referred to Beijing's treatment of Uyghurs as "genocide."

The Uyghur diaspora is heavily involved in advocating for the interests of their community still in China, which has drawn the ire of Beijing

Uighurs recruited as spies

What did the hackers do?

Facebook said the hackers set up websites using lookalike domains of popular Uyghur news sites to trick targets into clicking on links that were booby-trapped with malware.

"This group used various cyberespionage tactics to identify its targets and infect their devices with malware to enable surveillance," Facebook's cyberespionage unit said in a blog post. 

The group also created websites to impersonate app stores offering Uyghur-themed apps that contained malware.  

Facebook said it was used to share links to malicious websites, and the malware was not shared directly on the platform.

Who were the hackers? 

Facebook's investigation said the hackers are known as "Earth Empusa" or "Evil Eye" in the cybersecurity industry.

"This activity had the hallmarks of a well-resourced and persistent operation while obfuscating who's behind it," the blog post said. 

The investigation did not find any direct links between the hackers and the Chinese government

Two Chinese companies, Beijing Best United Technology Co Ltd and Dalian 9Rush Technology Co Ltd were found by Facebook to have developed the Android apps deployed by the hacking group. 

wmr/sms (Reuters, AFP, AP)