Tuesday, April 29, 2025

Facebook Takedown Infrastructure of Hacker Groups Targeting Various Government Entities


Facebook recently caught hackers based in Bangladesh and Vietnam breaking into its users’ accounts and taking control of Pages. APT32, a Vietnamese group, and an unnamed Bangladeshi group had gained unauthorized access to people’s accounts across the social media platform.

The operation from Bangladesh primarily focused on compromising the integrity of accounts across the social media platform and had targeted local activists, journalists, and religious minorities, including those living abroad, whereas the agenda of the Vietnamese group was to spread malware to its targets.

The social media giant’s investigation had traced this activity back to two non-profit organizations in Bangladesh, namely Don’s Team a.k.a Defense Of Nation and CRAF (Crime Research and Analysis Foundation).


The two teams had falsely reported people on the platform for inappropriate content including impersonation, IP infringements, nudity, and terrorism, according to the announcement issued by Nathaniel Gleicher, Facebook’s Head of Security Policy, and Mike Dvilyanski, Cyber Threat Intelligence Manager.

The compromised accounts were used for the organisations’ own operational activity, including propagating their content. There was at least one instance where a Page’s admin account was compromised and the Page was deleted.

To put a stop to this malicious activity, Facebook removed the accounts behind this operation.

APT32 Group

APT32, an advanced persistent threat actor, targeted Vietnamese human rights activists locally and those living abroad, various foreign governments including Laos and Cambodia, NGOs, news agencies and a number of other businesses. Facebook’s most recent investigation revealed a host of tactics and techniques including:

  • Social engineering: APT32 created fictitious personas across the internet posing as activists and business entities, or used romantic lures when contacting people they targeted. These efforts often involved creating backstops for these fake personas and fake organizations on other internet services so they appear more legitimate and can withstand scrutiny, including by security researchers. Some of their Pages were designed to lure particular followers for later phishing and malware targeting.
  • Malicious Play Store apps: In addition to using Pages, APT32 lured targets to download Android applications through Google Play Store that had a wide range of permissions to allow broad surveillance of peoples’ devices.
  • Malware propagation: APT32 compromised websites and created their own to include obfuscated malicious JavaScript as part of their watering hole attack to track targets’ browser information. A watering hole attack is when hackers infect websites frequently visited by intended targets to compromise their devices. As part of this, the group built custom malware capable of detecting the type of operating system a target uses (Windows or Mac) before sending a tailored payload that executes the malicious code. Consistent with this group’s past activity, APT32 also used links to file-sharing services where they hosted malicious files for targets to click and download. Most recently, they used shortened links to deliver malware. Finally, the group relied on Dynamic-Link Library (DLL) side-loading attacks in Microsoft Windows applications. They developed malicious files in exe, rar, rtf and iso formats, and delivered benign Word documents containing malicious links in text.
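
As an added example (not from Facebook's report or the original article), the Python below triages a message for the delivery vectors listed above: shortened links, file-sharing links, and exe/rar/rtf/iso files. The host lists, function names and sample message are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Assumption: illustrative host lists, not from the report; extend from your own proxy logs.
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "t.co", "is.gd"}
FILE_SHARE_HOSTS = {"dropbox.com", "drive.google.com", "1drv.ms"}
# File formats the report names for the group's malicious files.
RISKY_EXTENSIONS = {"exe", "rar", "rtf", "iso"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def _extension(name):
    """Return the final extension in lower case, so 'cv.pdf.EXE' yields 'exe'."""
    leaf = name.rstrip("/").rsplit("/", 1)[-1]
    return leaf.rsplit(".", 1)[-1].lower() if "." in leaf else ""

def _host_in(host, hosts):
    """Match a listed host itself or any subdomain of it."""
    return any(host == h or host.endswith("." + h) for h in hosts)

def triage_message(body, attachment_names=()):
    """Return sorted (indicator, value) findings for one message."""
    findings = set()
    for raw in URL_RE.findall(body):
        url = raw.rstrip(".,;)")  # drop sentence punctuation stuck to the link
        parsed = urlparse(url)
        host = (parsed.hostname or "").lower().rstrip(".")
        if _host_in(host, SHORTENER_HOSTS):
            findings.add(("shortened-link", url))  # destination is hidden
        elif _host_in(host, FILE_SHARE_HOSTS):
            findings.add(("file-share-link", url))
        if _extension(parsed.path) in RISKY_EXTENSIONS:
            findings.add(("risky-download", url))
    for name in attachment_names:
        if _extension(name) in RISKY_EXTENSIONS:
            findings.add(("risky-attachment", name))
    return sorted(findings)

# Constructed sample message; hosts and file names are made up for the example.
SAMPLE_BODY = (
    "Please review the petition draft: https://bit.ly/abc123. "
    "Mirror: https://files.example.org/docs/petition.pdf.EXE and "
    "https://www.dropbox.com/s/xyz/notes.docx?dl=1"
)
SAMPLE_ATTACHMENTS = ["agenda.docx", "photos.iso"]

if __name__ == "__main__":
    for indicator, value in triage_message(SAMPLE_BODY, SAMPLE_ATTACHMENTS):
        print(indicator, value)
```

A finding is a reason to inspect the link or file in a sandbox before opening it, not a verdict; file-sharing and shortener hosts carry plenty of legitimate traffic.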

Facebook has advised all users to remain vigilant and take appropriate measures to protect their accounts, including avoiding clicking on suspicious links, visiting suspicious websites, and downloading software from untrusted sources.

Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
