Facebook announced new measures to disrupt a network of hackers residing in China who take advantage of the platform to endanger the Uyghur community.
The group, known to security researchers as Earth Empusa, Evil Eye or Poison Carp, targeted about 500 people via Facebook, including individuals living in the United States, Turkey, Syria, Australia and Canada.
Using fake Facebook accounts, the hackers impersonated activists, journalists and other sympathetic figures in order to send their targets to hacked websites outside of Facebook.
Facebook’s security and cyber espionage teams began seeing activity in 2020, and chose to reveal the threat publicly to maximize the impact on the hacking group, which has proven sensitive to public disclosures in the past.
Although Facebook says the group’s social engineering efforts on the platform are part of the puzzle, most of the hacking group’s efforts take place elsewhere online.
The hacking group focuses on attempts to access targets’ devices through various attacks, including a fake Android app store that offers prayer apps and a Uyghur keyboard.
Upon download, the fake apps infect the devices with two strains of Trojan malware, ActionSpy and PluginPhantom, and the hackers have also taken advantage of malware known as Insomnia on iOS devices.
And while hackers have targeted a smaller number of users than what the company sees in disinformation operations, Facebook stressed that a small set of well-chosen targets can lead to massive impacts.
The Uyghurs are a predominantly Muslim ethnic minority in China that continues to face brutal repression from the Chinese government, including being forced to live in labor camps in the country’s Xinjiang province.
The company linked these malicious apps to Chinese developers, but did not go as far as linking the Chinese government to the campaign.
Facebook said: This activity had the hallmarks of a continuous and well-resourced process, with hiding behind it, and we leave the wider security community to make those decisions when we lack the technical indicators to do so on our own.
Researchers believe that hacking campaigns like this one are part of Beijing’s efforts to expand its surveillance of the communities it subjugates within China’s borders.