Facebook Inc. said today that it has taken down a group of Chinese hackers that were targeting Uyghur activists.

Uyghurs are a Turkik ethnic group of people who live in China’s Xinjiang Province. Officially the Chinese Communist Party is putting them in “re-education camps,” but according to some critics, they’re subject to genocide. Xinjiang is also a hotbed of terrorism and some ethnic Uyghurs are calling for separatism from mainland China.

According to Facebook, it took down hackers known in the security industry as “Earth Empusa” or “Evil Eye.” The hacking group allegedly used Facebook to identify, track and send malicious links to Uyghur activists, dissidents and journalists in Turkey, Kazakhstan, the U.S., Syria, Australia, Canada and other countries.

Facebook didn’t outright blame the CCP but implied it. Facebook founder and Chief Executive Officer Mark Zuckerberg has long wanted to get Facebook into China, to the point that he learned how to speak Mandarin.

“This activity had the hallmarks of a well-resourced and persistent operation while obfuscating who’s behind it,” wrote Mike Dvilyanski, Facebook’s head of cyber espionage investigations and Nathaniel Gleicher, head of security policy. “On our platform, this cyber-espionage campaign manifested primarily in sending links to malicious websites rather than direct sharing of the malware itself. We saw this activity slow down at various times, likely in response to our and other companies’ actions to disrupt their activity.”

Along with targeting Uyghur activists on Facebook itself, the hackers also reportedly set up malicious websites using look-alike domains for popular Uyghur and Turkish news sites and compromised legitimate websites visited by the targets. Reuters noted that Facebook also found websites created by the group to mimic third-party Android app stores with Uyghur-themed apps, such as a prayer app and a dictionary app, that contained malware.

In the case of the Android apps, two companies were linked to them: Beijing Best United Technology Co. Ltd. and Dalian 9Rush Technology Co. Ltd.

“We shared our findings and threat indicators with industry peers so they too can detect and stop this activity,” Dvilyanski and Gleicher concluded.

Image: Facebook