Facebook suspends accounts of Pakistani and Syrian hacking groups for abusing its platform

Meta, formerly known as Facebook, on TuesdayAnnounce, it took some actions to deactivate or delete accounts of four different malicious cyber groups from Pakistan and Syria that Meta found to be carrying out malicious attacks against the Afghan people, Western journalists, humanitarian organizations, and anti-government forces.

allegedly,is calledSideCopyPakistani groups have used the platform to single out people with ties to the Afghan government, military and law enforcement in Kabul.

This activity, which Meta calls a "sustainable and diverse activity," mainly sends malicious links to websites hosting software between April and August 2021. These links are usually shortened using URL shortening services, and the operators pretend to be young women and trick recipients with romantic lures in order to get them to click on a phishing link or download a chat application with a Trojan horse.

Threat intelligence analysts at Meta said the apps are the result of two different malware attacks, one calledPJobRATremote access trojan, previously found to target the Indian Army, and a previously undocumented backdoor called Mayhem that is capable of retrieving contact lists, text messages, call logs, location information, media files, device metadata, and evenAbuse of accessibility servicesGrab content from the device screen.

Among SideCopy's other strategies,hackerThe group is involved in a number of nefarious activities, including running rogue app stores and compromising legitimate websites to host malicious phishing pages designed to manipulate people into giving up their Facebook credentials. The group's account was removed from Facebook in August.

In addition, Meta said it disrupted three hacking networks linked to the Syrian government, specifically the Syrian Air Force intelligence unit -

• Syrian Electronic ArmyAlso known asAPT-C-27, which targeted humanitarian organizations, journalists and activists, government critics, and individuals associated with the anti-regime Free Syrian Army in southern Syria, delivering a mix of commercially available and customized malicious content via phishing links designed to collect sensitive user information. software such asnjRAandHmzaRat.
• APT-C-37, which targets people associated with the Free Syrian Army and military personnel associated with opposition forces, using a tool calledSandroRATThe commercial backdoor and internally developed malware called SSLove used a social engineering scheme to trick victims into visiting disguised websites such as Telegram, Facebook, YouTube and WhatsApp as well as content focused on Islam.
• one with ties to the governmentUnnamed hacker group, targeting minorities in southern Syria, activists, opposition groups, Kurdish journalists, the YPG, and members of the Syrian Civil Defense, mostly in the form of social engineering attacks.

“To disrupt these malicious groups, we disable their accounts, prevent their domains from being published on our platform, and we share information with industry peers, security researchers, and law enforcement to alert people we believe are targets of these hackers. ," said Mike Dvilyanski, chief of cyber espionage investigations and David Agranovich, director of threat disruption at the social technology company.