Meta, the company formerly known as Facebook, announced Tuesday that it took action against four separate malicious cyber groups from Pakistan and Syria who were found targeting people in Afghanistan, as well as journalists, humanitarian organizations, and anti-regime military forces in the West Asian country.
The Pakistani threat actor, dubbed SideCopy, is said to have used the platform to single out people with ties to the Afghan government, military and law enforcement in Kabul.
The campaign, which Meta called a “well-resourced and persistent operation,” involved sending malicious links, often shortened using URL shortener services, that pointed to websites hosting malware between April and August of 2021. The operators posed as young women and used romantic lures to trick recipients into clicking on phishing links or downloading trojanized chat applications.
Meta’s threat intelligence analysts said these apps were a front for two distinct malware strains: a remote access trojan named PJobRAT, which was previously found targeting the Indian military forces, and a hitherto undocumented implant dubbed Mayhem that’s capable of retrieving contact lists, text messages, call logs, location information, media files, and device metadata, and even scraping content on the device’s screen by abusing accessibility services.
SideCopy’s other tactics included operating rogue app stores and compromising legitimate websites to host malicious phishing pages that were designed to manipulate people into giving up their Facebook credentials. The group was purged from Facebook in August.
Meta also said it disrupted three hacking networks linked to the Syrian government, specifically Syria’s Air Force Intelligence —
“To disrupt these malicious groups, we disabled their accounts, blocked their domains from being posted on our platform, shared information with our industry peers, security researchers and law enforcement, and alerted the people who we believe were targeted by these hackers,” the social technology firm’s Mike Dvilyanski, head of cyber espionage investigations, and David Agranovich, director of threat disruption, said.