Security Experts:

Connect with us

Hi, what are you looking for?



Hackers Targeted Afghan Officials on Facebook Amid Taliban Offensive

Facebook revealed Tuesday it had worked to block a hacker group that targeted the accounts of people tied to Afghanistan’s then-government and security forces as the Taliban was moving in to take power.

Facebook revealed Tuesday it had worked to block a hacker group that targeted the accounts of people tied to Afghanistan’s then-government and security forces as the Taliban was moving in to take power.

The Pakistan-based group, known as SideCopy, used “romantic lures” from what appeared to be young women on the platform to try to trick the targets into giving the hackers access to their pages.

Executives from Meta, Facebook’s parent company, did not detail what the ultimate motive appeared to be but noted the attacks were directed at “those with links to the Afghan government, military and law enforcement in Kabul.” 

The hackers’ main technique, known as phishing, was to share links to malicious sites hosting harmful software or to encourage the targets to download compromised chat apps in a campaign that ramped up between April and August.

[ RelatedIs the Taliban a Cyber Threat to the West? ]

After a nearly 20-year insurgency, the Taliban took power in Afghanistan in August as the US-backed government and military collapsed.

As part of the attacks revealed by Facebook, the hackers also set up fake mobile app stores and compromised legitimate sites in an effort to get their prey’s Facebook credentials.

SideCopy also sought to get their victims to download apps containing malware as part of an effort that “had the hallmarks of a well-resourced and persistent operation while obfuscating who’s behind it.”

The company did not provide figures on the number of accounts potentially affected or the nature of the information hacked.

It said it has shared the information with the relevant authorities, and warned those affected.

The California-based group also said it “removed” the hackers involved in the Afghan operation as well as a set of three groups of hackers that targeted opposition or government critics in Syria. 

Written By

AFP 2023

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet


Iranian APT Moses Staff is leaking data stolen from Saudi Arabia government ministries under the recently created Abraham's Ax persona


The war in Ukraine is the first major conflagration between two technologically advanced powers in the age of cyber. It prompts us to question...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...


Russia-linked cyberespionage group APT29 has been observed using embassy-themed lures and the GraphicalNeutrino malware in recent attacks.


A newly identified threat actor tracked as NewsPenguin has been targeting military organizations in Pakistan with sophisticated malware.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...