Facebook says hackers in Pakistan targeted Afghan users amid govt collapse

Hackers from Pakistan used Facebook to target people in Afghanistan with connections to the previous government during the Islamic Emirate of Afghanistan’s (IEA) takeover of the country in mid-August, the company’s threat investigators said in an interview with Reuters.

Facebook said the group, known in the security industry as SideCopy, shared links to websites hosting malware which could surveil people’s devices.

Targets included people connected to the government, military and law enforcement in Kabul, Reuters reported. Facebook said it removed SideCopy from its platform in August.

The social media company, which recently changed its name to Meta, said the group created fictitious personas of young women as “romantic lures” to build trust and trick targets into clicking phishing links or downloading malicious chat apps. It also compromised legitimate websites to manipulate people into giving up their Facebook credentials.

“It’s always difficult for us to speculate as to the end goal of the threat actor,” said Facebook’s head of cyber espionage investigations, Mike Dvilyanski. “We don’t know exactly who was compromised or what the end result of that was.”

Major online platforms and email providers including Facebook, Twitter Inc, Alphabet Inc’s Google and Microsoft Corp’s LinkedIn have said they took steps to lock down Afghan users’ accounts during the IEA’s swift takeover of the country.