Facebook Takes Down Two Hacking Groups Operating out of Palestine
Facebook has announced that it managed to take down two significant groups of hackers based in Palestine that were working to compromise Windows, Android, and Apple devices by using all kinds of tricks, including social engineering, malware, modified apps and much more.
Facebook’s security researchers took action against two groups in Palestine: a network linked to the Preventive Security Service (PSS) and a threat actor known as Arid Viper. Facebook removed their ability to use the social media platform as a means of spreading their influence, taking down much of the infrastructure.
Although both groups have been operating out of Palestine, they weren’t connected. Their targets were very different, with one looking to compromise victims in Palestine and the other focusing on the Palestinian territories and Syria and, to a lesser extent, Turkey, Iraq, Lebanon and Libya.
The first group, targeting people in Palestine, seems to be connected to the Preventive Security Service, the Palestinian Authority’s internal intelligence organization, according to Facebook.
“This persistent threat actor focused on a wide range of targets, including journalists, people opposing the Fatah-led government, human rights activists and military groups including the Syrian opposition and Iraqi military,” said the security researchers. “They used their own low-sophistication malware disguised as secure chat applications, in addition to malware tools openly available on the internet.”
The group used custom-built Android malware that posed as secure chat applications but allowed the attackers to gather private data and metadata. Windows was also a target, but there the hackers used existing threats such as NJRat and HWorm. Furthermore, the hackers compromised several social media accounts or used fake names to gain the victims’ trust.
The other group, named Arid Viper, is a well-known advanced persistent threat that also goes by the name Desert Falcon and APT-C-23. Their way of operating is different and much more in line with other hacking groups.
“It used sprawling infrastructure to support its operations, including over a hundred websites that either hosted iOS and Android malware, attempted to steal credentials through phishing or acted as command and control servers,” says Facebook. “They appear to operate across multiple internet services, using a combination of social engineering, phishing websites and continually evolving Windows and Android malware in targeted cyber espionage campaigns.”
In its efforts to curb the activities of these two groups, Facebook took down all their linked accounts, published all indicators of compromise, including malware hashes, and shared them with the anti-virus community to make the threats easier to detect.