The company said the sophisticated, covert operation targeted Uyghur activists, journalists, and dissidents from China’s Xinjiang region, as well as individuals living in Turkey, Kazakhstan, the U.S., Syria, Australia, Canada, and other nations.
The hackers attempted to gain access to the computers and phones by creating fake Facebook accounts for supposed journalists and activists, as well as fake websites and apps intended to appeal to an Uyghur audience. In some cases, the hackers created lookalike websites almost identical to legitimate news sites popular with Uyghurs.
The accounts and sites contained malicious links; if the target clicked on one, their computer or smartphone would be infected with software allowing the network to spy on the target’s device.
In all, less than 500 people were targeted, Facebook said. The company said it uncovered the network during its routine security work and has deactivated the fictitious accounts and notified individuals whose devices may have been compromised. Most of the hackers’ activities took place on non-Facebook sites and platforms.
“They tried to create these personas, build trust in the community, and use that as a way to trick people into clicking on these links to expose their devices,” Nathaniel Gleicher, Facebook’s head of security policy, told reporters on a conference call Wednesday.
Facebook’s investigation found links between the hackers and two technology firms based in China but no direct links to the Chinese government, which has been criticized for its harsh treatment of Uyghurs in Xinjiang.
China has imprisoned more than 1 million people, including Uyghurs and other mostly Muslim ethnic groups, in a vast network of concentration camps, according to U.S. officials and human rights groups. People have been subjected to torture, sterilization, and political indoctrination in addition to forced labor as part of an assimilation campaign in a region whose inhabitants are ethnically and culturally distinct from the Han Chinese majority.