Facebook says hackers in Pakistan targeted Afghan users during government collapse

An illustrative photo shows a projection of binary code on a man holding a laptop, in an office in Warsaw, June 24, 2013. REUTERS / Kacper Pempel / File Photo

Nov. 16 (Reuters) – Hackers in Pakistan used Facebook to target people in Afghanistan with ties to the previous government during the Taliban takeover of the country, the company’s threat investigators said in an interview with Reuters.

Facebook (FB.O) said the group, known in the security industry as SideCopy, shared links to websites hosting malware that could monitor people’s devices. The targets included people linked to the government, army and law enforcement in Kabul, the statement said. Facebook said it removed SideCopy from its platform in August.

The social media company, which recently changed its name to Meta, said the group created fictional characters of young women as “romantic lures” to build confidence and entice targets to click on phishing links or download malicious chat applications. It also compromised legitimate websites to manipulate people into giving up their Facebook credentials.

“It is always difficult for us to speculate on the end goal of the threatening actor,” said Mike Dvilyanski, Facebook’s head of cyber espionage investigations. “We don’t know exactly who was compromised or what the end result was.”

Major online platforms and email providers, including Facebook, Twitter Inc (TWTR.N), Alphabet Inc’s Google (GOOGL.O) and Microsoft Corp’s LinkedIn (MSFT.O), have said they took steps to lock Afghan user accounts during the Taliban’s rapid takeover of the country last summer.

Facebook said it had previously not disclosed the hacking campaign, which it said escalated between April and August, due to security concerns over its employees in the country and the need for more work to investigate the network. It said it shared information with the US State Department when it ended the operation, which it said appeared “well resourced and persistent.”

Investigators also said that Facebook disabled the accounts of two hacking groups linked to Syrian Air Force intelligence services last month.

Facebook said one group, known as the Syrian Electronic Army, targeted human rights activists, journalists and others opposed to the ruling regime, while the other, known as APT-C-37, targeted people linked to the Free Syrian Army and former soldiers who had joined the opposition forces.

Facebook’s head of global threat disruption, David Agranovich, said the cases in Syria and Afghanistan showed cyberespionage groups taking advantage of times of uncertainty during conflict, when people could be more susceptible to manipulation.

The company said a third hacking network in Syria, which it linked to the Syrian government and suppressed in October, targeted minority groups, activists and members of the People’s Protection Units (YPG) and the Syrian Civil Defense, or White Helmets.

It said this group was using Facebook for social engineering and sharing malicious links to attacker-controlled sites mimicking apps and updates themed around the United Nations, the White Helmets, the YPG, Facebook-owned WhatsApp and Alphabet’s YouTube (GOOGL.O).

A Facebook spokesperson said the company notified about 2,000 users affected by the campaigns in Afghanistan and Syria, the majority in Afghanistan.

Reporting by Elizabeth Culliford in New York; Editing by Matthew Lewis and Jonathan Oatis
