Facebook brings down Pakistani hackers group SideCopy targeting previous Afghan government


Pakistani hackers began targeting the Afghan government earlier this year (Photo: IANS)

Facebook announced that it took action against SideCopy—a group of hackers in Pakistan who targeted people in the previous Afghan government, military and law enforcement in Kabul.

In a statement on Tuesday, Facebook's parent company Meta said that it has disrupted the malicious group in Pakistan by disabling their accounts, blocking domains and by sharing their information with "industry peers, security researchers and law enforcement, and alerted the people who we believe were targeted by these hackers".

Facebook officials--Mike Dvilyanski, Head of Cyber Espionage Investigations, and David Agranovich--Director, Threat Disruption, posted the information about action taken against disruptive hackers on the Facebook page.

The social media company said that it took action against the Pakistani hacking group in August.

"Given the ongoing crisis and the government collapse at the time, we moved quickly to complete the investigation and take action to protect people on our platform, share our findings with industry peers, law enforcement and researchers, and alert those who we believe were targeted", said the statement.

It added: "In addition, we rolled out a number of security measures for people in Afghanistan to protect their Facebook accounts".

Facebook said that this malicious activity had the hallmarks of a well-resourced and persistent operation while obfuscating who's behind it. It added that this cyber-espionage campaign stepped up its activity between April and August of 2021 by indulging in sharing links to malicious websites that were hosting malware.

The social media company says: "This group created fictitious personas--typically young women--as romantic lures to build trust with potential targets and trick them into clicking on phishing links or downloading malicious chat applications".

The Pakistani hackers manipulated people into giving up their Facebook credentials.

They also tried to trick people into installing apps with malware or custom-made Android apps that contained malware to compromise devices. This also compromised legitimate websites.

In its statement, Facebook said that Meta's security experts have been working to prevent a wide range of threats including cyber espionage and hacking of Facebook by nation-State actors and other groups.

It added that it also took action against three separate hacking groups from Syria that targeted civil society, journalists, humanitarian organizations and the anti-regime military forces. "Each of these three hacking groups had links to the Syrian government, including Syria’s Air Force Intelligence", said the Facebook statement.