Facebook says it took action earlier this year to block hackers from Pakistan who targeted people tied to Afghanistan's former government and security forces in the months leading up to the Taliban’s seizure of power in August.
Facebook said on November 16 that the Pakistani group was one of four “malicious” groups it disrupted by disabling their accounts, blocking their domains from appearing on Facebook, alerting people it believed were targeted, and sharing information with other social-media platforms.
The other three were from Syria and targeted opposition or government critics and humanitarian organizations in that war-torn country.
The Pakistan-based group, known as SideCopy, targeted people who were connected to the previous Afghan government, military, and law enforcement in Kabul, according to cybersecurity officials at Meta, Facebook’s parent company.
“This malicious activity had the hallmarks of a well-resourced and persistent operation while obfuscating who’s behind it,” the official said in a news release on November 16.
Meta did not describe what the ultimate motive appeared to be but said the campaign ramped up between April and August by primarily sharing links to websites hosting malware.
The group’s tactics also included "romantic lures" used to build trust with potential targets and get them to click on phishing links or download malicious chat applications.
“They operated fake app stores and also compromised legitimate websites to host malicious phishing pages to manipulate people into giving up their Facebook credentials,” Meta said in describing some of SideCopy’s tactics.
Similar to the campaign from Pakistan, the Syrian campaign primarily targeted people using social-engineering tactics to trick them into clicking on links or downloading malicious software.
The company did not provide figures on the number of accounts potentially affected or the nature of the information hacked.