Facebook took action against two separate groups of hackers in Bangladesh and Vietnam, removed their accounts and pages from its platform, and shared the information it had uncovered with its industry partners.
The Bangladesh-based group targeted local activists, journalists and religious minorities, including some overseas, and compromised their accounts to have Facebook disable them for violating community standards.
Facebook’s research linked the activity to two nonprofits in the country: the Crime Research and Analysis Foundation and Don’s Team (also known as Defense of Nation).
Nathaniel Gleicher, Head of Security Policy, and Mike Dvilyanski, Cyber Threat Intelligence Manager, said in a newsroom post, “Don’s Team and CRAF worked together to report people on Facebook for fictitious violations of our community standards, including alleged impersonation, intellectual property infringement, nudity and terrorism. They also hacked people’s accounts and pages, and used some of those compromised accounts for their own business purposes, including expanding their contents. At least once, after a site administrator’s account was compromised, the remaining administrators were removed to take over and disable the site. Our research suggests that these targeted hacking attempts were likely carried out through a number of off-platform tactics, including email and device compromises and abuse of our account recovery process.”
In Vietnam, Facebook found that an advanced persistent threat actor, APT32, was using malware to target Vietnamese human rights defenders (domestic and overseas), foreign governments (including those in Cambodia and Laos), non-governmental organizations, news agencies and companies across information technology, hospitality, agriculture/raw materials, hospitals, retail, automotive and mobile services.
The group also lured targets into downloading Android applications through the Google Play Store. These apps had a variety of permissions that enabled comprehensive monitoring of people’s devices.
Gleicher and Dvilyanski stated, “APT32 has created fictional personas on the Internet posing as activists and corporations, or using romantic bait to get in touch with people they target. These efforts often included creating backstops for these fake people and fake organizations in other internet services so that they could appear more legitimate and stand up to scrutiny, including by security researchers. Some of its pages are designed to attract certain followers for later phishing and malware targeting.”