Facebook says hackers in Pakistan targeted Afghan users amid government collapse


FILE PHOTO: An illustration picture shows a projection of binary code on a man holding a laptop computer, in an office in Warsaw June 24, 2013. REUTERS/Kacper Pempel/File Photo

(Reuters) -Hackers from Pakistan used Facebook to target people in Afghanistan with connections to the previous government during the Taliban's takeover of the country, the company's threat investigators said in an interview with Reuters.

Facebook said the group, known in the security industry as SideCopy, shared links to websites hosting malware which could surveil people's devices. Targets included people connected to the government, military and law enforcement in Kabul, it said. Facebook said it removed SideCopy from its platform in August.

The social media company, which recently changed its name to Meta https://www.reuters.com/technology/facebooks-zuckerberg-kicks-off-its-virtual-reality-event-with-metaverse-vision-2021-10-28, said the group created fictitious personas of young women as "romantic lures" to build trust and trick targets into clicking phishing links or downloading malicious chat apps. It also compromised legitimate websites to manipulate people into giving up their Facebook credentials.

"It's always difficult for us to speculate as to the end goal of the threat actor," said Facebook's head of cyber espionage investigations, Mike Dvilyanski. "We don't know exactly who was compromised or what the end result of that was."

Major online platforms and email providers including Facebook, Twitter Inc, Alphabet Inc's Google and Microsoft Corp's LinkedIn have said they took steps to lock down Afghan users' accounts during the Taliban's swift takeover of the country this past summer.

Facebook said it had not previously disclosed the hacking campaign, which it said ramped up between April and August, due to safety concerns about its employees in the country and the need for more work to investigate the network. It said it shared information with the U.S. State Department at the time it took down the operation, which it said had appeared "well-resourced and persistent."

Investigators also said Facebook had last month disabled the accounts of two hacking groups which it linked to Syria's Air Force Intelligence.

Facebook said one group, known as the Syrian Electronic Army, targeted human rights activists, journalists and others opposing the ruling regime, while the other, known as APT-C-37, targeted people linked to the Free Syrian Army and former military personnel who had joined opposition forces.

Facebook's head of global threat disruption, David Agranovich, said the Syria and Afghanistan cases showed cyber espionage groups leveraging periods of uncertainty during conflicts when people might be more susceptible to manipulation.

The company said a third hacking network in Syria, which it linked to the Syrian government and removed in October, targeted minority groups, activists and members of the People's Protection Units (YPG) and Syria Civil Defense, or White Helmets.

It said this group used Facebook for social engineering and sharing malicious links to attacker-controlled sites mimicking apps and updates around the United Nations, White Helmets, YPG, Facebook-owned WhatsApp and Alphabet's YouTube.

A Facebook spokeswoman said the company had notified about 2,000 users affected by the campaigns in Afghanistan and Syria, the majority in Afghanistan.

(Reporting by Elizabeth Culliford in New YorkEditing by Matthew Lewis and Jonathan Oatis)

Get 20% OFF The Star Digital Access

Monthly Plan

RM 13.90/month

RM 11.12/month

Billed as RM 11.12 for the 1st month, RM 13.90 thereafter.

Best Value

Annual Plan

RM 12.33/month

RM 9.87/month

Billed as RM 118.40 for the 1st year, RM 148 thereafter.

Follow us on our official WhatsApp channel for breaking news alerts and key updates!

Next In World

French President Macron to visit Syria, Syrian presidency says
At least eight shot, including four children, in New York
UK's Farage referred to standards watchdog after new report of undeclared benefits
Pakistan to host next round of US-Iran talks on July 11 - reports
Qatar says all maritime activities will resume immediately
Iranian president criticises international silence over Israeli actions
Venezuela quake death toll rises to 2,954, with 16,592 injured
Flash: France beats Paraguay 1-0 to make quarterfinals at FIFA World Cup
Trump offers to help Putin find deal with Ukraine, also speaks with Zelenskiy
North Korea's Kim observed naval destroyer cruise missile launch, weapons tests, state media says

Others Also Read