Facebook says it disrupted hackers in China

The hackers created fake Facebook accounts and tried to get activists, journalists and dissidents to click on malicious links.

Queenie Wong Former Senior Writer

Queenie Wong was a senior writer for CNET News, focusing on social media companies including Facebook's parent company Meta, Twitter and TikTok. Before joining CNET, she worked for The Mercury News in San Jose and the Statesman Journal in Salem, Oregon. A native of Southern California, she took her first journalism class in middle school.

Expertise I've been writing about social media since 2015 but have previously covered politics, crime and education. I also have a degree in studio art. Credentials

2022 Eddie award for consumer analysis

See full bio

Queenie Wong

March 24, 2021 11:00 a.m. PT

2 min read

Facebook is cracking down on hackers who try to share malicious links on its platform.

Angela Lang/CNET

Facebook on Wednesday said it disrupted a group of hackers in China that tried to infect devices with malicious software and spy on activists, journalists and dissidents.

The group, known as Earth Empusa or Evil Eye, targeted potential victims mainly among Uyghurs from Xinjiang in China who primarily live in the US, Turkey, Kazakhstan, Syria, Australia, Canada and other countries, Facebook said.

The hackers used several tactics, including creating fake Facebook accounts to try to trick users into clicking on links to bogus news websites that contained malware . The linked-to destinations also included malware-laced prayer or dictionary apps for Android that targeted Uyghurs, an ethnic minority group native to Northwest China. Through the fake accounts, the hackers pretended to be journalists, students, human rights advocates or Uyghur community members, the social network said. Facebook said it took down the fake accounts and blocked these malicious website links from being shared on its platform. It's also notifying people who may've been affected by the cyberespionage effort.

It's unclear how successful this group was in tricking journalists, activists and dissidents to click on these links, and Facebook didn't have enough evidence to tie the hackers to a specific entity such as the Chinese government. The crackdown on the group highlights some of the security issues that the social network routinely grapples with as it faces more calls, including from lawmakers, to do a better job of combating misinformation on its platform. On Thursday, Facebook CEO Mark Zuckerberg , Twitter CEO Jack Dorsey and Google CEO Sundar Pichai are scheduled to testify before Congress about how they're tackling this problem.

Since most of the activity happened off the social network, Facebook's head of security policy, Nathaniel Gleicher, said it's "tricky" for the company to determine how many devices were compromised with malware and what information these hackers gathered.

"You could have a very effective cyberespionage campaign that caused real harm that only got a couple of targets," Gleicher said in a press call earlier Wednesday.

Facebook also said the group selectively targeted people by looking at their IP address, operating system, browser, and country and language settings before attempting to infect their devices with malware.

This isn't the first time Facebook has taken action against a cyberespionage campaign. In December, Facebook said it disrupted hackers in Bangladesh and Vietnam.