In an interview with Reuters on Nov. 16, Facebook’s threat investigators said that hackers from Pakistan had used Facebook to target Afghans connected with the former government during the Taliban’s takeover of the country.
Around 2,000 users were impacted by the campaigns in Afghanistan and Syria, mainly in Afghanistan, a Facebook spokeswoman said.
Anyone with connections to government, military, or law enforcement can become a target.
The group, known in the security industry as SideCopy, spread links to a website hosting malware that spies on people’s devices, Facebook said. By creating fictitious personas of young women as “romantic urges,” the group attempted to win targets’ trust and trick them into clicking phishing links or downloading malicious chat apps.
The group also cooperated with legitimate websites to manipulate people into providing their Facebook credentials.
“It’s always difficult for us to speculate as to the end goal of the threat actor,” said Facebook’s head of cyber espionage investigations, Mike Dvilyanski. “We don’t know exactly who was compromised or what the end result of that was,” Reuters reported.
In response to this activity, Facebook removed SideCopy from its platform in August.
As the Taliban regained control of Afghanistan this past summer, leading online platforms and email providers, including Facebook, Twitter Inc (TWTR.N), Alphabet Inc’s (GOOGL.O) Google, and Microsoft Corp’s (MSFT.O) LinkedIn, confirmed that they had taken steps to lock down Afghan users’ accounts.
Owing to concerns for the safety of its staff and their availability to investigate the network, Facebook has only recently revealed the hacking campaign, which escalated sharply between April and August. The information was shared with the U.S. State Department when the “well-resourced and persistent” operation began.
According to Facebook’s investigators, last month the company disabled the accounts of two hacking groups connected with Syria’s Air Force Intelligence.
Human rights activists, journalists, and others opposing the ruling regime are the primary targets of the Syrian Electronic Army group. Another group, APT-C-37, targeted people associated with the Free Syrian Army and former military officials of opposition forces.
Amid the instability due to conflicts in Syria and Afghanistan, the cyber-espionage groups took advantage of the situation to manipulate vulnerable people.
A third hacking network with links to the Syrian government targeted minority groups, activists, and members of the People’s Protection Units (YPG) and Syria Civil Defense, or White Helmets.
This group used Facebook for social engineering and to share malicious links to attacker-controlled sites that resembled apps and updates from the United Nations, White Helmets, YPG, Facebook-owned WhatsApp, and Alphabet’s (GOOGL.O) YouTube.