Meta, the company that used to be known as Facebook, released a statement saying that it had taken measures against four separate cybercrime organizations from Pakistan and Syria.
The hacking groups had been observed targeting people in Afghanistan, including civil society, journalists, humanitarian organizations, and anti-regime military forces.
To disrupt these malicious groups, we disabled their accounts, blocked their domains from being posted on our platform, shared information with our industry peers, security researchers and law enforcement, and alerted the people who we believe were targeted by these hackers.
The Pakistani organization, known as SideCopy in the security industry, targeted individuals connected to the previous Afghan administration, military, and law enforcement in Kabul.
SideCopy Created Fictitious Personas to Fool the Targets
Between April and August of 2021, the attack, which Meta described as a “well-resourced and persistent operation,” involved sending victims malicious links, typically shortened with URL shortener services, that led to malware-hosting websites. The attackers posed as young women sending romantic messages to entice victims into clicking phishing links or downloading malicious chat apps.
SideCopy attempted to trick people into installing trojanized chat apps (i.e. they contained malware that misled people about its true intent),