Facebook shutters Pakistani hacker group that targeted Afghans
Nov 17, 2021 - 07:29 AM
WASHINGTON (AA) – Facebook’s parent company said Tuesday that the social media firm has taken action against a Pakistani hacker group that targeted people who were affiliated with Afghanistan’s former government in its final days.
The Pakistani hacker group SideCopy “targeted people who were connected to the previous Afghan government, military, and law enforcement in Kabul” as the Taliban pressed its offensive that led to the government’s collapse in August, Facebook parent company Meta said in a blog post. SideCopy was removed in August.
“Given the ongoing crisis and the government collapse at the time, we moved quickly to complete the investigation and take action to protect people on our platform, share our findings with industry peers, law enforcement and researchers, and alert those who we believe were targeted,” wrote Facebook’s cyber chiefs Mike Dvilyanski and David Agranovich.
SideCopy’s campaign against former Afghan government officials was well-organized, sophisticated and designed to hide those behind it, they wrote. It ramped up between April and August, and primarily operated by sharing links that would take users to websites that hosted malware.
The group also created fake accounts, primarily posing as young women, to lure potential targets into downloading malicious chat apps or clicking on links, and set up fake app stores to fool users into clicking on seemingly legitimate websites to give up their Facebook credentials.
Some of the “trojanized” chat apps included HappyChat, HangOn, ChatOut, TrendBanter, SmartSnap and TeleChat.
Meta separately announced it took action against “three distinct hacker groups with links to the Syrian government,” including a group known as the Syrian Electronic Army, which was tied to Syria’s Air Force Intelligence; and APT-C-37, a hacker organization that targeted opposition groups.
The social media company said it also took action against a network that “targeted minority groups, activists, opposition, Kurdish journalists, activists,” members of the YPG, and the Syria Civil Defense or White Helmets. That group was not given a specific name, but Meta maintained its activity was linked to “individuals associated with the Syrian government.”
The Syrian Electronic Army was taken down in October after Meta “found that this threat actor has been subsumed into the Syrian government forces in recent years, with this latest activity linked to Syria’s Air Force Intelligence.” The group targeted users through “social engineering tactics” aimed at getting them to click on malicious links or download malicious software.
APT-C-37 was also taken down in October. Meta did not specify when the third group was removed.