Facebook Banned Pakistani & Syrian Hacker Groups

A Pakistani hacking group utilized Facebook accounts with the motive of attacking members of the previous Afghan government, military, and law enforcement agencies. After knowing about the attack, Facebook has taken some serious actions against the four groups of threat actors that belong to Pakistan and Syria. 

However, to stop the malicious attack, Facebook has impaired their accounts, blocked their domains so that they can not post them to the platform.

Moreover, Facebook has also yielded all the data along with their industry peers, security researchers, and law enforcement, and also notified the people who were assumed to be targeted by these threat actors.

Facebook disrupted one Hacking Group Linked to Pakistan

This is not the first time when the Pakistan threat actor group has initiated an attack, as Facebook has removed recently a threat actor group known as SideCopy that belongs to Pakistan.

After this attack, Facebook stated that they will take some actions after completing the whole investigation. As the group has targeted Afghanistan, therefore Facebook has rolled out a number of security measures for people in Afghanistan to preserve their Facebook accounts.

Facebook Disrupted three Hacking Groups Linked to the Syrian Govt

The three hacking groups that were being disrupted by meta, are mentioned below:-

  • Syrian Electronic Army (APT-C-27): This group has attacked humanitarian organizations, journalists and activists in Southern Syria, critics of the government, and many individuals that are linked with the anti-regime Free Syrian Army.
  • APT-C-37: This group has attacked many people that are associated with the Free Syrian Army as well as with military personnel affiliated by opposition forces along with a commodity backdoor identified as SandroRAT.  
  • The third one is unknown: The government has not yet identified the name of the last hacking group, but they have pronounced that this group has attacked minority groups, activists, opposition in Southern Syria, Kurdish journalists, and members of the People’s Protection Units and Syria Civil Defense, with the operation that s being displayed as social engineering attacks.

Identified tactics, techniques, and procedures (TTPs)

TTPs of SideCopy (Pakistan)

  • This group created fictitious personas.
  • They operated fake app stores.
  • They compromised legitimate websites.
  • They tricked people into installing trojanized chat apps.
  • These apps included two malware families like PJobRAT and Mayhem.
  • They use URL shortener links to mask the final destination.

TTPs of Syrian Electronic Army (SEA) or APT-C-27 (Syria)

  • It has shared phishing links to attract victims.
  • They have used custom-built malware families.
  • They have also used new Android malware built with the open-source mobile app.
  • This group has collected a range of delicate user information.

TTPs of APT-C-37 (Syria)

  • This group has used commodity malware known as SandroRAT.
  • The group has relied on social engineering to disseminate malware.
  • This group has relied on Android malware.

TTPs of Unknown group (Syria)

  • The group has shared links to attacker-controlled websites.
  • This group has used SpyNote and SpyMax.
  • This group has not yet been tracked by the security experts.

This type of attack is quite harmful, and this is not the first time that these groups are targetting Facebook. However, it is very important for the users to know about the details of this kind of attack so that they can help themselves to stay safe.

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.