Chinese hackers used fake Facebook profiles and spoof websites to target Uyghur activists with spy malware, the social media company announced on Wednesday.
Using various cyber espionage tactics, Facebook said, members of Earth Empusa or Evil Eye sought out Muslim Uyghur activists, journalists and dissidents from China’s Xinjiang region. But the sophisticated operation also stretched to individuals living in Turkey, Kazakhstan, Syria, Australia, Canada and the U.S., according to an investigation by the company.
“This activity had the hallmarks of a well-resourced and persistent operation, while obfuscating who’s behind it,” Facebook cybersecurity investigators said in a statement.
The objective of the phishing scam was to lure Uyghur audiences into clicking on false content links — either from a computer or smartphone — to infect the device with malware. In addition to posing as journalists and Uyghur activists, the hackers also developed phony apps and set up imposter websites with nearly identical url’s to real news sites that are popular with Uyghurs.
“On our platform, this cyber espionage campaign manifested primarily in sending links to malicious websites rather than direct sharing of the malware itself,” the company said.