
Members of Canada’s Uyghur community have been targeted by a sophisticated cyber espionage campaign that has been trying to infect devices with malware to permit surveillance, Facebook said today.
Facebook said the campaign used its platform to target hundreds of Uyghur activists, journalists and dissidents in several countries with posts designed to take them to other websites harbouring malware. The company said it cannot tell how many people were tricked into clicking on links that infected their mobile phones or computers.
Facebook Canada said it will notify “fewer than 20” people in Canada who were targeted.
The company said it traced the malware used by the hackers — known as Earth Empusa or Evil Eye — to two companies in China. Facebook said it was not able to determine whether the Chinese government was involved.
“This group used various cyber espionage tactics to identify its targets and infect their devices with malware to enable surveillance,” wrote Mike Dvilyanski — head of cyber espionage investigations for Facebook — and the company’s head of security policy Nathaniel Gleicher in a media statement.
“This activity had the hallmarks of a well resourced and persistent operation, while obfuscating who’s behind it.”
Facebook said the operation targeted Uyghurs from China’s Xinjiang province living in Canada, the United States, Turkey, Kazakhstan, Syria, Australia and other countries.
Fake accounts, fake sites
Facebook said the operation used a variety of techniques to reach the people they were targeting. The company said the hackers set up Facebook accounts where they posed as “journalists, students, human rights advocates or members of the Uyghur community to build trust with people they targeted and trick them into clicking on malicious links.”
They also set up malicious websites that looked like popular Uyghur or Turkish news sites and launched “watering hole attacks” to infect visitors to legitimate websites, Facebook said.
Facebook said the hackers also set up fake third-party stores with Uyghur-themed apps that contained malware. They included a keyboard app, a prayer app and a dictionary app.
“To disrupt this operation, we blocked malicious domains from being shared on our platform, took down the group’s accounts and notified people who we believe were targeted by this threat actor,” Facebook said.
News of the cyber espionage operation comes the same week that Canada and other countries sanctioned four Chinese officials for human rights abuses in Xinjiang. Global Affairs Canada said Beijing has arbitrarily imprisoned more than a million people on the basis of their religion and ethnicity.
It also comes a month after the House of Commons voted to declare China’s actions in Xinjiang “a genocide.”
Mehmet Tohti, executive director of the Uyghur Rights Advocacy Project, said Chinese authorities have long targeted the roughly 2,000 members of the Uyghur community in Canada. What Facebook reported today, he said, is more sophisticated than previous tactics — such as sending e-mails that sound like they come from a friend and encouraging people to click on links.
Tohti said he has not yet heard from anyone contacted by Facebook, adding many Canadian Uyghurs are already wary of social media and any apps that originate in China.












