Meta says it has taken action against four groups of hackers in Pakistan and Syria that attacked people connected to the former government of Afghanistan, human rights groups and journalists. The accounts have been disabled and domains blocked from posting. The company has also informed security researchers and law enforcement, and alerted the people believed to have been were targeted by the hackers.
The group from Pakistan — known in the security industry as SideCopy — targeted people who were connected to the previous Afghan government, military, and law enforcement in Kabul, Mike Dvilyanski, Head of Cyber Espionage Investigations, and David Agranovich, Director, Threat Disruption, wrote in a blog post.
“In Syria, we removed three distinct hacker groups with links to the Syrian government. The first network in Syria — known as the Syrian Electronic Army — targeted human rights activists, journalists and other groups opposing the ruling regime. We linked this activity to Syria’s Air Force Intelligence.”
“The second network from Syria — known in the security community as APT-C-37 — targeted people linked to the Free Syrian Army and former military personnel who had since joined the opposition forces.”
Meta says investigation linked this activity by APT-C-37 to what is believed to be a separate unit in Syria’s Air Force Intelligence.
“The third network from Syria targeted minority groups, activists, opposition, Kurdish journalists, activists, members of the People’s Protection Units (YPG), and Syria Civil Defense or White Helmets, a volunteer-based humanitarian organization. Our investigation found links between this activity and individuals associated with the Syrian government.”