Washington, Nov 17 (FN Bureau) Facebook has said that hackers from Pakistan targeted people connected to the Afghan government using the social media platform. In a joint statement, Mike Dvilyanski, Facebook's Head of Cyber Espionage Investigations, and David Agranovich, Facebook's Director, Threat Disruption, said the company took action against four distinct groups of hackers from Pakistan and Syria over the past several months. The statement said that the accounts of these groups were disabled and their domains were blocked from being posted on Facebook. The company also shared information with its industry peers, security researchers and law enforcement, and alerted the people who were believed to have been targeted by these hackers. The group from Pakistan – known in the security industry as SideCopy – targeted people who were connected to President Ashraf Ghani’s government, military and law enforcement in Kabul.
In August, Facebook removed a group of Pakistani hackers, known in the security industry as SideCopy, which targeted people in Afghanistan, particularly those with links to the Afghan government, military and law enforcement in Kabul. The Facebook statement highlighted that the malicious activity was very well-planned and researched. “This malicious activity had the hallmarks of a well-resourced and persistent operation, while obfuscating who’s behind it. On our platform, this cyber espionage campaign ramped up between April and August of 2021 and manifested primarily in sharing links to malicious websites hosting malware,” said the statement. The statement also described the modus operandi of this malicious actor. “This group created fictitious personas – typically young women – as romantic lures to build trust with potential targets and trick them into clicking on phishing links or downloading malicious chat applications,” it added.
The group operated fake app stores and also compromised legitimate websites to host malicious phishing pages to manipulate people into giving up their Facebook credentials. SideCopy further attempted to trick people into installing trojanized chat apps (containing malware that misled people about its true intent), including messengers posing as Viber and Signal, or custom-made Android apps that contained malware to compromise devices. “Among them were apps named HappyChat, HangOn, ChatOut, TrendBanter, SmartSnap, and TeleChat – some of which were in fact functioning chat applications,” it said.