Facebook Takes Down Two Hacking Groups Operating out of Palestine
Facebook has announced that it has taken down two significant groups of hackers based in Palestine that were working to compromise Windows, Android, and Apple devices using all kinds of tricks, including social engineering, malware, modified apps and much more.
Facebook’s security researchers took action against two groups in Palestine: a network linked to the Preventive Security Service (PSS) and a threat actor known as Arid Viper. Facebook removed their ability to use the social media platform as a means of spreading their influence, taking down much of their infrastructure.
Although both groups have been operating out of Palestine, they weren’t connected. Their targets were very different: one sought to compromise victims in Palestine, while the other focused on the Palestinian territories and Syria and, to a lesser extent, Turkey, Iraq, Lebanon and Libya.
The first group, targeting people in Palestine, seems to be connected to the Preventive Security Service, the Palestinian Authority’s internal intelligence organization, according to Facebook.
“This persistent threat actor focused on a wide range of targets, including journalists, people opposing the Fatah-led government, human rights activists and military groups including the Syrian opposition and Iraqi military,” said the security researchers. “They used their own low-sophistication malware disguised as secure chat applications, in addition to malware tools openly available on the internet.”
The group used custom-built Android malware that posed as secure chat applications but allowed the attackers to gather private data and metadata. Windows was also a target, though there the hackers relied on existing tools such as NJRat and HWorm. Furthermore, the hackers compromised several social media accounts or used fake names to gain the victims’ trust.
The other group, named Arid Viper, is a well-known advanced persistent threat that also goes by the name Desert Falcon and APT-C-23. Their way of operating is different and much more in line with other hacking groups.
“It used sprawling infrastructure to support its operations, including over a hundred websites that either hosted iOS and Android malware, attempted to steal credentials through phishing or acted as command and control servers,” says Facebook. “They appear to operate across multiple internet services, using a combination of social engineering, phishing websites and continually evolving Windows and Android malware in targeted cyber espionage campaigns.”
In their efforts to curb the activities of these two groups, Facebook took down all their linked accounts, published all indicators of compromise, including malware hashes, and shared them with the anti-virus community to make the malware easier to detect.