Pakistani Hackers Use Facebook to Target People in Afghanistan

Hackers from Pakistan used Facebook to target people in Afghanistan who had ties to the previous government during the Taliban takeover of the country, threat investigators at Facebook said.

Ummatimes - Facebook said the group, known in the security industry as SideCopy, shared links to websites that host malware that can monitor people's devices. The targets included people connected to the government, military and law enforcement in Kabul, Facebook said.

Facebook said it removed SideCopy from its platform in August.

Facebook, which recently changed its name to Meta, said the group created fictional personas of young women as "romantic bait" to build trust and trick targets into clicking phishing links or downloading malicious chat apps. The group also compromised legitimate websites to manipulate people into giving up their Facebook credentials.

"It's always difficult for us to speculate on the ultimate destination of threat actors," said Mike Dvilyanski, head of Facebook's cyber espionage investigation. "We don't know exactly who was compromised or what the end result will be."

Major online platforms and email providers, including Facebook, Twitter, Alphabet Inc's Google and Microsoft Corp's LinkedIn, said they took steps to lock down Afghan user accounts during the Taliban occupation in August.

Facebook said it had not previously disclosed the hacking campaign, which it said escalated between April and August, because of security concerns about its employees in the country and the need for more work investigating the network. Facebook said it shared information with the US State Department at the time the operation was discontinued.

Investigators also said Facebook last month deactivated the accounts of two hacking groups linked to Syrian Air Force Intelligence.

Facebook said one group, known as the Syrian Electronic Army, targeted human rights activists, journalists and others opposing the ruling regime, while another, known as APT-C-37, targeted people with links to the Liberation Army, Syrians and former military personnel who have joined opposition forces.

Facebook's head of global threat disruption, David Agranovich, said the cases in Syria and Afghanistan show cyber espionage groups are taking advantage of periods of uncertainty during conflicts when people may be more vulnerable to manipulation.

The company said a third hacking network in Syria, linked to the Syrian government and removed in October, targeted minority groups, activists and members of the Kurdish People's Protection Units (YPG) and the Syrian Civil Defense, or White Helmets.

Facebook said the group used Facebook for social engineering and shared malicious links to attacker-controlled sites that mimicked apps and updates around the United Nations, White Helmets, YPG, Facebook-owned WhatsApp and Alphabet's YouTube.

A Facebook spokesperson said the company had notified about 2,000 users affected by the campaign in Afghanistan and Syria, with the majority of users affected in Afghanistan.