Facebook Bans Pakistani and Syrian Hacker Groups for Abusing its Platform
2021-11-21 23:13

Meta, the company formerly known as Facebook, announced Tuesday that it took action against four separate malicious cyber groups from Pakistan and Syria who were found targeting people in Afghanistan, as well as journalists, humanitarian organizations, and anti-regime military forces in the West Asian country.

The Pakistani threat actor, dubbed SideCopy, is said to have used the platform to single out people with ties to the Afghan government, military and law enforcement in Kabul.

Meta's threat intelligence analysts said these apps were a front for two distinct malware strains: a remote access trojan named PJobRAT, which was previously found targeting the Indian military forces, and a previously undocumented implant dubbed Mayhem that's capable of retrieving contact lists, text messages, call logs, location information, media files, and device metadata, and even scraping content on the device's screen by abusing accessibility services.

Among SideCopy's other tactics, the hacker group engaged in a number of nefarious activities, including operating rogue app stores and compromising legitimate websites to host malicious phishing pages that were designed to manipulate people into giving up their Facebook credentials.

The Syrian Electronic Army, aka APT-C-27, targeted humanitarian organizations, journalists and activists in Southern Syria, critics of the government, and individuals associated with the anti-regime Free Syrian Army with phishing links to deliver a mix of commercially available and custom malware such as njRAT and HmzaRat that are engineered to harvest sensitive user information.

APT-C-37 targeted people linked to the Free Syrian Army and military personnel affiliated with opposition forces with a commodity backdoor known as SandroRAT and an in-house developed malware family called SSLove, via social engineering schemes that duped victims into visiting websites masquerading as Telegram, Facebook, YouTube, and WhatsApp as well as content focussed on Islam.


News URL

https://thehackernews.com/2021/11/facebook-bans-pakistani-and-syrian.html
