Facebook Stops Chinese Hackers From Abusing the Platform

Written by Bill Toulas
Last updated September 28, 2021

Facebook has managed to identify the activity of sophisticated Chinese hackers who were abusing the platform systematically and took action against them. According to the relevant report, the actors targeted activists, journalists, and Uyghurs located in Xinjiang, Turkey, Kazakhstan, the United States, Syria, Australia, Canada, and other countries.

This indicates that the hackers are most likely state-sponsored, and based on the indicators seen by Facebook’s threat research team, they belong to the “Evil Eye” group.

The tactics used by the hackers are the following:

Facebook has deleted the accounts linked with the Chinese hackers, notified the users who were targeted by them, and blocked the malicious domains from being shared on the platform. Industry peers were also informed of all the details so that a complete defense action plan can be put in place.

One thing that proves the level of sophistication and also the involvement of “Evil Eye” is the fact that they were outsourcing malware development to various Chinese software development companies. Facebook mentions Beijing Best United Technology Co., Ltd. (Best Lh) and Dalian 9Rush Technology Co., Ltd. (9Rush), two entities that reportedly served as malware and toolset vendors in this particular campaign. This is very interesting and also a clear indication of the motives and operational status of “Evil Eye.”

If you are an Uyghur, or a journalist, or an activist, don’t trust strangers who approach you via DMs, don’t take anything for granted, and don’t believe anything that may be thrown at you. Social engineering is a powerful tool, maybe the most effective of all, so keep that in mind the next time you have someone you don’t know IRL trying to win your trust by saying things that resonate positively with your ideals.
