KEY POINTS

  • Chinese hackers used Facebook to track Uyghur activists living abroad
  • The hackers lured their targets into clicking false links or visiting spoof websites
  • The group of hackers were once said to be affiliated with the Chinese government

Facebook on Wednesday said Chinese hackers created fake accounts on the social media platform as part of a campaign to spy on Uyghur activists. 

The Chinese hackers were part of a group called either Earth Empusa, Evil Eye or Poison Carp. The hackers reportedly used Facebook to identify, track and send malware to Uyghur activists, dissidents and journalists living abroad in Australia, Canada, Turkey, and the United States, among other countries. 

“This group used various cyberespionage tactics to identify its targets and infect their devices with malware to enable surveillance,” Facebook noted. "This activity had the hallmarks of a well-resourced and persistent operation, while obfuscating who's behind it.”

The phishing scam attempted to lure Uyghurs into clicking false links to infect their device with malware. The group also used fake websites with nearly identical URLs to real news sites popular among Uyghurs. 

“We were seeing them create personas on Facebook that are designed to look like journalists that focus on issues critical to the Uyghur community, that are designed to look like activists that might be standing up for the Uyghur community, designed to look like members of the community,” Mike Dvilyanski, Facebook’s head of cyberespionage, told NBC News

The social media company did not directly blame the Chinese government for the campaign. However, it noted that the hackers had previously been cited by Volexity, a cybersecurity company, as being affiliated with Beijing. 

John Hultquist, head of threat intelligence for cybersecurity company Mandiant, noted that hacking and spying on phones were Beijing’s usual tactics. 

“We believed this was sponsored by the Chinese government,” he told NBC News in a phone call. “If you're a security service, hitting on these mobile phones is really optimal. Not only can you have access to their digital lives, you can read their SMS, you can physically locate them, you can turn their speaker on.”

Facebook’s report came after the Biden administration on Monday announced sanctions against two Chinese officials for “serious human rights abuses” against the Uyghurs. The sanctions were part of an effort by the U.S. and its allies, including the European Union, Canada and the United Kingdom.

"The evidence, including from the Chinese Government's own documents, satellite imagery, and eyewitness testimony is overwhelming,” the joint statement read. “China's extensive program of repression includes severe restrictions on religious freedoms, the use of forced labor, mass detention in internment camps, forced sterilizations, and the concerted destruction of Uyghur heritage.”

The Uyghurs are a Turkic ethnic group originating from the general region of Central and East Asia. They are recognized as being native to the Xinjiang Uyghur Autonomous Region in Northwest China.

Facebook said it derailed a Chinese hacker group using the social network to spy on supporters of the Uyghur minority living outside China Facebook said it derailed a Chinese hacker group using the social network to spy on supporters of the Uyghur minority living outside China Photo: AFP / Ozan KOSE