Facebook on Wednesday said it disrupted a group of hackers in China that tried to infect devices with malicious software and spy on activists, journalists and dissidents.
The group, known as Earth Empusa or Evil Eye, targeted potential victims mainly among Uyghurs from Xinjiang in China who primarily live in the US, Turkey, Kazakhstan, Syria, Australia, Canada and other countries, Facebook said.
The hackers used several tactics, including creating fake Facebook accounts to try to trick users into clicking on links to bogus news websites that contained malware. The linked-to destinations also included malware-laced prayer or dictionary apps for Android that targeted Uyghurs, an ethnic minority group native to Northwest China. Through the fake accounts, the hackers pretended to be journalists, students, human rights advocates or Uyghur community members, the social network said. Facebook said it took down the fake accounts and blocked these malicious website links from being shared on its platform. It’s also notifying people who may have been affected by the cyberespionage effort.
It’s unclear how successful this group was in tricking journalists, activists and dissidents into clicking on these links, and Facebook didn’t have enough evidence to tie the hackers to a specific entity such as the Chinese government. The crackdown on the group highlights some of the security issues that the social network routinely grapples with as it faces more calls, including from lawmakers, to do a better job of combating misinformation on its platform. On Thursday, Facebook CEO Mark Zuckerberg, Twitter CEO Jack Dorsey and Google CEO Sundar Pichai are scheduled to testify about how they’re tackling this problem.
Since most of the activity happened off the social network, Facebook’s head of security policy, Nathaniel Gleicher, said it’s “tricky” for the company to determine how many devices were compromised with malware and what information these hackers gathered.
“You could have a very effective cyberespionage campaign that caused real harm that only got a couple of targets,” Gleicher said in a press call earlier Wednesday.
Facebook also said the group selectively targeted people by looking at their IP address, operating system, browser, and country and language settings before attempting to infect their devices with malware.
This isn’t the first time Facebook has taken action against a cyberespionage campaign. In December, Facebook said it disrupted hackers in Bangladesh and Vietnam.