Facebook has uncovered a sophisticated espionage campaign run by Chinese hackers who tried to trick pro-Uyghur activists and dissidents around the world into downloading malicious software that allows surveillance of their devices.
The revelations come after growing concern from the US and its allies over China’s repression of 1 million Uyghurs in Xinjiang, which politicians worldwide have called a ‘genocide’.
The operation, which Facebook attributed to a well-known Chinese hacking group, created fake versions of news websites popular in Uyghur communities and injected them with malicious software. Users who clicked on the sites then accidentally downloaded the malware, allowing the hackers to access their devices.
In other cases, the hackers hid malware on certain pages of websites frequently visited by their targets, and in malicious apps they created in fake versions of app stores.
Facebook said the number of targets was “less than 500” around the world, but said that without access to their devices it could not say how many of them had been successfully hacked.
The victims were mainly Uyghur dissidents, journalists and activists from Xinjiang who are now based outside of China, including in the US, Turkey, Kazakhstan, Canada and Australia.
Fake accounts on Facebook – posing as journalists, students, human rights activists and other Uyghur community members – were used to share links to the malicious sites and apps, the company said, adding that it found evidence that the campaign had been on the rise since 2019.
“This activity had the hallmarks of a well-equipped and sustained operation, while obscuring who is behind it,” said Facebook, naming the Chinese hacking group responsible as Earth Empusa or Evil Eye. It is unclear whether the group is supported by the Chinese government.
The US, EU, UK and Canada this week coordinated sanctions against several Chinese Communist Party officials for their role in the repression of Uyghurs in Xinjiang. The move marks growing concern from the West about sprawling detention camps in the northwestern province.
Antony Blinken, the US Secretary of State, has described the repression as “genocide” and the Biden administration has stressed that it will take a hard line against Beijing on human rights issues, including possible crimes in Xinjiang.
The Canadian and Dutch parliaments have also passed resolutions declaring that Beijing is committing “genocide”. Some Washington lawmakers are also calling on the US to boycott the Winter Olympics to be held in China next year unless the International Olympic Committee moves the games elsewhere.
The different types of malware that Facebook discovered targeted Android and iOS devices and had different capabilities, from allowing attackers to track phone usage to enabling a device’s camera and microphone.
Facebook said it was taking action to thwart the network by blocking its infrastructure and malicious links from its platform. It also said it warned victims.
It also named two Chinese vendors, Beijing Best United Technology and Dalian 9Rush Technology Co, which it said were responsible for developing the malware tools, although it said it could not determine whether they were the companies that deployed them.