EXCLUSIVE Facebook says hackers in Pakistan target Afghan users amid government collapse

An illustration shows a binary code projection of a man holding a laptop in an office in Warsaw on June 24, 2013. REUTERS / Kacper Pempel / File Photo

November 16 (Reuters) – Hackers from Pakistan used Facebook to target people in Afghanistan with links to the former government during the Taliban’s takeover of the country, the company’s threat investigators said in an interview with Reuters.

Facebook (FB.O) said the group, known in the security industry as SideCopy, shared links to sites that hosted malware that could monitor people’s devices. The targets included people linked to the government, the military and law enforcement in Kabul, it said. Facebook said it removed SideCopy from its platform in August.

The social media company, which recently changed its name to Meta, said the group created fictitious personas of young women as “romantic lures” to build trust and trick targets into clicking phishing links or downloading malicious chat apps. It also compromised legitimate sites to manipulate people into giving up their Facebook credentials.

“It’s always hard for us to speculate on the end goal of the threat actor,” said Facebook’s head of cyber espionage investigations, Mike Dvilyanski. “We do not know exactly who was compromised or what the end result of it was.”

Major online platforms and email providers including Facebook, Twitter Inc (TWTR.N), Alphabet Inc’s (GOOGL.O) Google and Microsoft Corp’s (MSFT.O) LinkedIn have said they took steps to lock Afghan users’ accounts during the Taliban’s fast-moving takeover of the country last summer.

Facebook said it had not previously revealed the hacking campaign, which it said had escalated between April and August, due to security concerns about its employees in the country and the need for more work to investigate the network. It said it shared information with the U.S. State Department at the time the operation ended.

Investigators also said that last month Facebook had deactivated accounts of two hacker groups that it linked to the Syrian Air Force intelligence service.

Facebook said one group, known as the Syrian Electronic Army, targeted human rights activists, journalists and others opposed to the ruling regime, while the other targeted members of the Free Syrian Army and former military personnel who had defected to the opposition forces.

Facebook’s head of global threat disruption, David Agranovich, said the Syria and Afghanistan cases showed cyber espionage groups exploiting periods of insecurity during conflicts, when people may be more susceptible to manipulation.

The company said a third hacking network in Syria, which it linked to the Syrian government and removed in October, was targeting minority groups, activists and members of the People’s Protection Units (YPG) and Syria’s civil defense, or White Helmets.

Reporting by Elizabeth Culliford in New York; Editing by Matthew Lewis
