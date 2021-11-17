The cyber espionage campaign created fictitious profiles of young women and tricked the victims into clicking on phishing links and downloading malicious chat applications.

Facebook on Tuesday said a group from Pakistan targeted people who were connected to the previous government, military, and law enforcement in Kabul amid the government collapse in the country.

The social media company that recently changed its name to Meta in a blog post said it took action to protect people in Afghanistan and rolled out several security measures to protect their Facebook accounts.

The group known as SideCopy in the security industry shared links to malicious websites hosting malware. The cyber espionage campaign that ramped up between April and August of 2021 created fictitious profiles of young women and tricked the victims into clicking on phishing links and downloading malicious chat applications.

They operated fake app stores and manipulated people into giving up their Facebook credentials on malicious phishing pages. SideCopy tried to trick people into installing fake apps that contained malware to compromise devices so that they could retrieve people’s contact lists, text messages, call logs, location information, media files on the device or connected external storage, and general device metadata.

The company also removed three hacker groups with links to the Syrian government. The first group targeted human rights activists, journalists and other groups opposing the ruling regime. The second targeted people linked to the Free Syrian Army and former military personnel who had joined the opposition forces.

The third network from Syria targeted minority groups, activists, opposition, Kurdish journalists, activists, members of the People’s Protection Units (YPG), and Syria Civil Defense or White Helmets, a volunteer-based humanitarian organization.

Facebook said it disabled the accounts of the groups, blocked their domains from posting on the platform, shared information with industry peers, security researchers and law enforcement, and alerted the people who were targeted by these hackers.