Facebook cracks down on ‘Chinese hackers’ targeting Uighurs in exile

For free real time breaking news alerts sent straight to your inbox sign up to our breaking news emails

Sign up to our free breaking news emails

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy policy

Facebook says it has identified and blocked a network of Chinese hackers on its platform which was targeting members of the Uighur community living abroad.

The company said these hackers were trying to break into the computers and smartphones of almost 500 targets, mostly journalists and activists who were Uighur Muslims, a community facing persecution in northwestern China. 

In a public release, the social media giant said hackers were using its platforms for “sending links to malicious websites” and the majority of the hacking activity itself occurred away from Facebook.

The company says it has now notified the targeted accounts and blocked sharing of the malicious domain. It has also taken down almost 100 accounts that it said were found to be created by the hacker groups known as Earth Empusa or Evil Eye.

The tactics used by the hackers included creating fake profiles posing as Uighur Muslims to connect with prominent personalities of the community living abroad and build trust over time. They also impersonated news websites using look-alike domains for popular Uighur and Turkish news sites and used fake third-party Android app stores with Uighur themes to get users to click on malicious links.

Read more:

"This activity had the hallmarks of a well-resourced and persistent operation while obfuscating who’s behind it," Facebook cybersecurity investigators said in a blog post.

Facebook said there were less than 500 targets, who were largely from the Xinjiang region but were primarily living abroad in countries including Turkey, Kazakhstan, the United States, Syria, Australia and Canada.

It said the majority of the hackers’ activity occurred away from Facebook and that they used the site to share links to malicious websites rather than directly sharing the malware on the platform.

Facebook’s investigation found two Chinese companies, Beijing Best United Technology Co Ltd (Best Lh) and Dalian 9Rush Technology Co Ltd (9Rush) had developed the Android tooling deployed by the group.

There has been no official response from China yet on the allegations, however this isn't the first time Chinese hackers have been accused of such activities.

The international community has accused China of sustained human rights violations against its Uighur community, with the UN saying more than one million have been detained in Xinjiang. China, which initially denied the existence of the detention camps, has since said they are voluntary vocational training facilities as part of a broader deradicalisation effort.