The threat investigators from Facebook revealed that hackers from Pakistan used Facebook to target people in Afghanistan with connections to the previous government during the Taliban takeover of the country. As per Facebook’s blog post, hackers from Pakistan known as “SideCopy” were found to have been targeting Afghan individuals, particularly those linked to the former government and military and law enforcement in Kabul.
Read more: Facebook Continues to Ban Taliban-Related Content After the Fall of Afghanistan
Facebook blocked the hackers from Pakistan
Facebook said they removed a group of hackers from Pakistan, known in the security industry as SideCopy. They rolled out several security measures for people in Afghanistan to protect their Facebook accounts, as the Taliban takeover over Kabul. The social media firm, which has recently changed the name of its parent company to Meta, details a list of tactics used by the hackers from Pakistan to lure the users.
In a blog post, Facebook wrote that the hackers from Pakistan used the following tactics, techniques, and procedures to target people in Afghanistan amid Taliban takeover:
- This group created fictitious personas — typically young women — as romantic lures to build trust with potential targets and trick them into clicking on phishing links or downloading malicious chat applications.
- They operated fake app stores and compromised legitimate websites to host malicious phishing pages to manipulate people into giving up their Facebook credentials.
- SideCopy attempted to trick people into installing trojanized chat apps (i.e. they contained malware that misled people about its true intent), including messengers posing as Viber and Signal or custom-made Android apps that contained malware to compromise devices. Among them were apps named HappyChat, HangOn, ChatOut, TrendBanter, SmartSnap, and TeleChat — some of which were, in fact, functioning chat applications.
A word from Facebook’s cybersecurity team
Mike Dvilyanski, the head of Cyber Espionage Investigations at Facebook, and David Agranovich, Facebook’s director of Threat Disruption, wrote; “Given the ongoing crisis and the government collapse at the time, we moved quickly to complete the investigation and take action to protect people on our platform, share our findings with industry peers, law enforcement and researchers, and alert those who we believe were targeted.”
Moreover, Facebook has blocked three hacking groups linked to the Syrian government, particularly Syria’s Air Force Intelligence. The groups were targeting the people in Syria, including humanitarian organizations, journalists and activists in Southern Syria, critics of the government, and individuals associated with the anti-regime Free Syrian Army.
Source: Facebook Newsroom