Bangladesh and Vietnam based hackers were caught by Facebook recently for hacking into its users’ accounts and taking control of the pages. APT32, a Vietnamese group, and an unnamed Bangladeshi group were the groups that had gained unauthorized access to people’s accounts across the social media platform.
The operation from Bangladesh primarily focused on compromising the integrity of accounts across the social media platform and had targeted local activists, journalists, and religious minorities, including those living abroad, whereas the agenda of the Vietnamese group was to spread malware to its targets.
The social media giant’s investigation had traced this activity back to two non-profit organizations in Bangladesh, namely Don’s Team a.k.a Defense Of Nation and CRAF (Crime Research and Analysis Foundation).
The two teams had falsely reported people on the platform for inappropriate content including impersonation, IP infringements, nudity, and terrorism, read the announcement issued by Nathaniel Gleicher, Facebook’s Head of Security Policy, and Mike Dvilyanski, Cyber Threat Intelligence Manager.
The compromised accounts were used for the organisations’ own operational activity including propagating their content. There was atleast one instance where the page’s admin account was compromised and the page was deleted.
To put a stop to this malicious activity, Facebook removed the accounts behind this operation.
APT32 an advanced persistent threat actor targeted Vietnamese human rights activists locally and those living abroad, various foreign governments including Laos and Cambodia, NGOs, news agencies and a number of other businesses. Facebook’s most recent investigation revealed a host of tactics and techniques including:
- Social engineering: APT32 created fictitious personas across the internet posing as activists and business entities, or used romantic lures when contacting people they targeted. These efforts often involved creating backstops for these fake personas and fake organizations on other internet services so they appear more legitimate and can withstand scrutiny, including by security researchers. Some of their Pages were designed to lure particular followers for later phishing and malware targeting.
- Malicious Play Store apps: In addition to using Pages, APT32 lured targets to download Android applications through Google Play Store that had a wide range of permissions to allow broad surveillance of peoples’ devices.
Facebook has advised all to remain vigilant and take appropriate measures to protect their accounts, including avoid clicking on suspicious links and visiting suspicious websites, and downloading software from untrusted sources.