Facebook revealed Tuesday it had worked to block a hacker group that targeted the accounts of people tied to Afghanistan’s then-government and security forces as the Taliban was moving in to take power.
The Pakistan-based group, known as SideCopy, used “romantic lures” from what appeared to be young women on the platform to try to trick the targets into giving the hackers access to their pages.
Executives from Meta, Facebook’s parent company, did not detail what the ultimate motive appeared to be but noted the attacks were directed at “those with links to the Afghan government, military and law enforcement in Kabul.”
The hackers’ main technique, known as phishing, was to share links to malicious sites hosting harmful software or to encourage the targets to download compromised chat apps in a campaign that ramped up between April and August.
After a nearly 20-year insurgency, the Taliban took power in Afghanistan in August as the US-backed government and military collapsed.
As part of the attacks revealed by Facebook, the hackers also set up fake mobile app stores and compromised legitimate sites in an effort to get their prey’s Facebook credentials.
SideCopy also sought to get their victims to download apps containing malware as part of an effort that “had the hallmarks of a well-resourced and persistent operation while obfuscating who’s behind it.”
The company did not provide figures on the number of accounts potentially affected or the nature of the information hacked.
It said it has shared the information with the relevant authorities, and warned those affected.
The California-based group also said it “removed” the hackers involved in the Afghan operation as well as a set of three groups of hackers that targeted opposition or government critics in Syria.