Friday, October 4, 2024
HomeCyber AttackFacebook Takedown Infrastructure of Hacker Groups Targeting Various Government Entities

Facebook Takedown Infrastructure of Hacker Groups Targeting Various Government Entities

Published on

Bangladesh and Vietnam based hackers were caught by Facebook recently for hacking into its users’ accounts and taking control of the pages. APT32, a Vietnamese group, and an unnamed Bangladeshi group were the groups that had gained unauthorized access to people’s accounts across the social media platform.

The operation from Bangladesh primarily focused on compromising the integrity of accounts across the social media platform and had targeted local activists, journalists, and religious minorities, including those living abroad, whereas the agenda of the Vietnamese group was to spread malware to its targets.

The social media giant’s investigation had traced this activity back to two non-profit organizations in Bangladesh, namely Don’s Team a.k.a Defense Of Nation and CRAF (Crime Research and Analysis Foundation).

- Advertisement - EHA

The two teams had falsely reported people on the platform for inappropriate content including impersonation, IP infringements, nudity, and terrorism, read the announcement issued by Nathaniel Gleicher, Facebook’s Head of Security Policy, and Mike Dvilyanski, Cyber Threat Intelligence Manager.

The compromised accounts were used for the organisations’ own operational activity including propagating their content. There was atleast one instance where the page’s admin account was compromised and the page was deleted.

To put a stop to this malicious activity, Facebook removed the accounts behind this operation.

APT32 Group

APT32 an advanced persistent threat actor targeted Vietnamese human rights activists locally and those living abroad, various foreign governments including Laos and Cambodia, NGOs, news agencies and a number of other businesses. Facebook’s most recent investigation revealed a host of tactics and techniques including:

  • Social engineering: APT32 created fictitious personas across the internet posing as activists and business entities, or used romantic lures when contacting people they targeted. These efforts often involved creating backstops for these fake personas and fake organizations on other internet services so they appear more legitimate and can withstand scrutiny, including by security researchers. Some of their Pages were designed to lure particular followers for later phishing and malware targeting.
  • Malicious Play Store apps: In addition to using Pages, APT32 lured targets to download Android applications through Google Play Store that had a wide range of permissions to allow broad surveillance of peoples’ devices.
  • Malware propagation: APT32 compromised websites and created their own to include obfuscated malicious javascript as part of their watering hole attack to track targets’ browser information. A watering hole attack is when hackers infect websites frequently visited by intended targets to compromise their devices. As part of this, the group built custom malware capable of detecting the type of operating system a target uses (Windows or Mac) before sending a tailored payload that executes the malicious code. Consistent with this group’s past activity, APT32 also used links to file-sharing services where they hosted malicious files for targets to click and download. Most recently, they used shortened links to deliver malware. Finally, the group relied on Dynamic-Link Library (DLL) side-loading attacks in Microsoft Windows applications. They developed malicious files in exe, rar, rtf and iso formats, and delivered benign Word documents containing malicious links in text.

Facebook has advised all to remain vigilant and take appropriate measures to protect their accounts, including avoid clicking on suspicious links and visiting suspicious websites, and downloading software from untrusted sources.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity, and hacking news updates.

Also Read

The Importance of Cybersecurity in The Post-COVID-19 World

Hackers Using COVID-19 Training Lure to Attack Office 365 Users

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Prince Ransomware Hits UK and US via Royal Mail Phishing Scam

A new ransomware campaign targeting individuals and organizations in the UK and the US...

Microsoft, DOJ Dismantle Domains Used by Russian FSB-Linked Hacking Group

Microsoft and the U.S. Department of Justice (DOJ) have successfully dismantled a network of...

Cloud Penetration Testing Checklist – 2024

Cloud Penetration Testing is a method of actively checking and examining the Cloud system...

Linux Malware perfctl Attacking Millions of Linux Servers

Researchers have uncovered a sophisticated Linux malware, dubbed "perfctl," actively targeting millions of Linux...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

Prince Ransomware Hits UK and US via Royal Mail Phishing Scam

A new ransomware campaign targeting individuals and organizations in the UK and the US...

Microsoft, DOJ Dismantle Domains Used by Russian FSB-Linked Hacking Group

Microsoft and the U.S. Department of Justice (DOJ) have successfully dismantled a network of...

Linux Malware perfctl Attacking Millions of Linux Servers

Researchers have uncovered a sophisticated Linux malware, dubbed "perfctl," actively targeting millions of Linux...