Facebook says it has blocked a group of hackers in China who used the platform to target Uyghurs living abroad with links to malware that would infect their devices and enable surveillance.
The social media company said the hackers, known as Earth Empusa or Evil Eye in the security industry, targeted activists, journalists and dissidents who were predominantly Uyghurs, a largely Muslim ethnic group facing persecution in China.
Facebook said there were less than 500 targets who were largely from the Xinjiang region but were primarily living abroad in countries including Turkey, Kazakhstan, the United States, Syria, Australia and Canada.
It said the majority of the hackers' activity occurred away from Facebook and they used the site to share links to malicious websites rather than directly sharing the malware on the platform.
"This activity had the hallmarks of a well-resourced and persistent operation, while obfuscating who's behind it," Facebook cybersecurity investigators said in a blog post.
Facebook said the hacking group used fake accounts to pose as fictitious journalists, students, human rights advocates or members of the Uyghur community to build trust with their targets and trick them into clicking malicious links that would install spying software on their devices.
It said hackers both set up malicious websites using lookalike domains for popular Uyghur and Turkish news sites, and compromised legitimate websites visited by the targets.
Facebook also found websites created by the group to mimic third-party Android app stores with Uighur-themed apps, like a prayer app and dictionary app, containing malware.
Facebook said its investigation found two Chinese companies, Beijing Best United Technology Co Ltd (Best Lh) and Dalian 9Rush Technology Co Ltd (9Rush), had developed the Android tooling deployed by the group.
The Chinese embassy in the US did not immediately return a message seeking comment on Facebook's report.
Do you have a story tip? Email: email@example.com