Hackers in Syria, Pakistan taken down by Meta after sustained cyber attacks

The social media company Meta – previously known as Facebook – has taken down four malicious cyber hacking networks operating in Syria and Pakistan, which targeted Syrian opposition elements and governmental entities in Afghanistan.

In a report on Tuesday, Meta announced that it “took action against four distinct groups of hackers from Pakistan and Syria” which targeted a number of individuals and entities in a sustained campaign that lasted for months.

The hacking network in Pakistan, known as “SideCopy”, posed as young women who sent links to websites – often shortened URL links – in an effort to romantically lure and trick the targets to click on them and gain access to chat applications.

Those links and websites, however, contained malware in them, with the phishing links and trojanised applications resulting in the malware infecting the victims’ devices and collecting sensitive information. Those targeted by the hackers were general people in neighbouring Afghanistan, but also included members of the former Afghan government, military, and law enforcement prior to the Taliban’s takeover of the country in August.

The Syrian hackers consisted of three groups, which were directly linked to the Syrian regime of Bashar Al-Assad and its Air Force Intelligence. They targeted humanitarian organisations, journalists, activists, critics and any individuals affiliated with the opposition in the south and north of Syria.

Those three networks – one of which was the ‘Syrian Electronic Army’ – sent phishing links to the targets, disguising them as Telegram, Facebook, YouTube, and WhatsApp links. Materials focusing on Islam were also used, presumably to attract religious opposition groups.

READ: Middle East nuclear proliferation may be on the way, but the immediate threat is cyberwarfare

The Meta report by its head of cyber espionage investigations, Mike Dvilyanski, and its director of threat disruption, David Agranovich, described the hacking groups’ activities as a “well-resourced and persistent operation.”

The malicious groups were finally disrupted and taken down in the months leading up to the report when Meta “disabled their accounts, blocked their domains from being posted on our platform, shared information with our industry peers, security researchers and law enforcement, and alerted the people who we believe were targeted by these hackers.”

Throughout the past decade of the ongoing Syrian civil war, hacker groups backed – and some say run – by the Assad government have emerged, defending the regime and attacking its critics in the cyber world.

One of those groups was the aforementioned Syrian Electronic Army, which has been active for at least a decade and which many have speculated is assisted by one of Assad’s allies such as Iran or Russia, due to its effectiveness.

In September this year, it was reported that the British government is investigating a cyber-attack against its computer systems, which leaked confidential and sensitive documents revealing the UK’s role in forming civilian news outlets within Syria since the beginning of the revolution in 2011.

READ: Facebook says Palestinian spies behind hacking campaign