The Facebook logo is displayed on the phone screen.
Jakub Porzycki/NurPhoto via Getty Images
- Hackers shared links to websites hosting malware that can monitor people’s devices.
- Targets include people with ties to the Kabul government, military, and law enforcement agencies.
- The organization created false roles of young women as “romantic temptations” to build trust and trick targets into clicking on phishing links.
The company’s threat investigators said in an interview with Reuters that hackers from Pakistan used Facebook to target people in Afghanistan who had connections with the previous government during the Taliban’s takeover of the country.
Facebook said the organization, known as SideCopy in the security industry, shared links to websites hosting malware that can monitor people’s devices. It said the targets included people with ties to the Kabul government, military and law enforcement agencies.
Facebook said it had removed SideCopy from its platform in August.
The social media company, which recently changed its name to Met, said the organization created fictional characters of young women as “romantic temptations” to build trust and trick targets into clicking phishing links or downloading malicious chat applications. It also compromised legitimate websites to manipulate people to give up their Facebook credentials.
“It is always difficult to speculate about the ultimate goal of the threat actor,” said Mike Dvilyanski, Facebook’s head of cyber espionage investigations, adding:
We don’t know who was threatened, and we don’t know what the end result will be.
Major online platforms and e-mail providers, including Facebook, Twitter, Alphabet’s Google, and Microsoft’s LinkedIn, all stated that they had taken steps to lock the accounts of Afghan users during the Taliban’s rapid takeover of Afghanistan last summer.
Facebook stated that it had not previously disclosed hacking activities, which intensified between April and August due to safety concerns for its employees in the country and the need to do more to investigate the network. It said it shared information with the U.S. State Department when it cancelled the operation.
Investigators also stated that Facebook disabled the accounts of two hacker groups associated with the Syrian Air Force Intelligence Agency last month.
Read also | Cyber attack on German hospital could result in the death of a woman
Facebook stated that one organization called the “Syrian Electronic Army” targets human rights activists, journalists and others who oppose the ruling regime, while the other targets people associated with the Free Syrian Army and former military personnel who have joined the opposition forces.
David Agranovich, head of Facebook’s global threats and sabotage, said that the Syrian and Afghanistan cases show that cyber espionage organizations take advantage of the uncertain period during the conflict, when people may be more vulnerable to manipulation.
The company stated that the third hacker network in Syria was linked to the Syrian government and was removed in October, targeting minority groups, activists, and members of the People’s Protection Force (YPG) and the Syrian Civil Defense or White Helmets.
We want to hear your opinion on the news. Subscribe to news 24 Be part of the dialogue in the comments section of this article.
