JAKARTA - Hackers from Pakistan are using Facebook to target people in Afghanistan who had ties to the previous government during the Taliban's takeover of the country. The statement came from Facebook's threat investigator in an interview with Reuters.

Facebook said the group, known in the security industry as SideCopy, shared links to websites that host malware that can monitor people's devices. The targets included people connected to the government, military, and law enforcement in Kabul, he said. Facebook said it removed SideCopy from its platform in August.

The social media company, which recently changed its name to Meta, said the group created fictional personas of young women as "romantic bait" to build trust and trick targets into clicking phishing links or downloading malicious chat apps. The group also compromised legitimate websites to manipulate people into giving up their Facebook credentials.

"It's always difficult for us to speculate on the ultimate goal of threat actors," said Mike Dvilyanski, head of Facebook's cyber-espionage investigation. "We don't know exactly who to target or what the end result will be."

Major online platforms and email providers including Facebook, Twitter Inc, Alphabet Inc's Google, and Microsoft Corp's LinkedIn said they took steps to lock down Afghan user accounts during the Taliban's rapid move to take over the country last summer.

Facebook said it had not previously disclosed the hacking campaign, which it said escalated between April and August, because of security concerns for its employees in the country and the need for more effort to investigate the network.

Facebook also shared information with the US State Department at the time the operation was discontinued, adding that the hacking operation appeared "well-resourced and persistent."

Investigators also said Facebook last month deactivated the accounts of two hacking groups linked to Syrian Air Force Intelligence.

Facebook said one group, known as the Syrian Electronic Army, targeted human rights activists, journalists, and others who opposed the ruling regime. The other, known as APT-C-37, targeted people linked to the Free Syrian Army and former military personnel who had joined opposition forces.

Facebook's head of global threat disruption, David Agranovich, said the cases in Syria and Afghanistan show cyberespionage groups are taking advantage of periods of uncertainty during conflicts when people may be more vulnerable to manipulation.

The company said a third hacking network in Syria, linked to the Syrian government and removed in October, targeted minority groups, activists, and members of the People's Protection Units (YPG) and the Syrian Civil Defense, or White Helmets.

The group used Facebook for social engineering and shared malicious links to attacker-controlled sites that mimicked apps and updates themed around the United Nations, White Helmets, YPG, Facebook-owned WhatsApp, and Alphabet's YouTube.

A Facebook spokesperson said the company had notified about 2,000 users affected by the campaign in Afghanistan and Syria, the majority in Afghanistan.

