In a report, the US social media giant also said it had
identified and disabled "politically motivated" espionage operations
by a group believed to be based in Gaza and affiliated with Hamas, the Islamist
rulers of the Palestinian enclave.
The report released today comes ahead of landmark
Palestinian legislative elections set for next month that will see the rival
West Bank-based Palestinian Authority (PA) and Hamas facing off for the first
time in 15 years.
According to Facebook, the PA's Preventive Security Service
(PSS) targeted "journalists, people opposing the Fatah-led government,
human rights activists and military groups," primarily in the West Bank,
Gaza and Syria, "and to a lesser extent Turkey, Iraq, Lebanon and
Libya".
Operating from the West Bank, the operatives used
"low-sophistication malware disguised as secure chat applications" to
infiltrate Android devices and collect information from them, including
"call logs, location, contacts and text messages," the report said.
The PSS also created a fake application to which journalists
were invited to submit "human rights-related articles for
publication", according to the Facebook cyber espionage and threat
investigators who penned the report.
In addition, the intelligence service used false accounts
posing primarily as young women but also "as supporters of Hamas, Fatah,
various military groups, journalists and activists" in order "to
build trust with people they targeted and trick them into installing malicious
software".
The report also noted what it called "state-sponsored
cyber espionage operations" believed to be "politically
motivated" by the so-called Arid Viper group.
Independent researchers say the group has been launching
cyber attacks from Gaza towards Israel since 2013.
Arid Viper's target this time, however, was not Israel,
rather Palestinians, including "individuals associated with pro-Fatah
groups, Palestinian government organisations, military and security personnel,
and student groups within Palestine," Facebook said.
Arid Viper used "over a hundred websites that either
hosted iOS and Android malware, attempted to steal credentials through phishing
or acted as command and control servers," the report said.
"They appear to operate across multiple internet
services, using a combination of social engineering, phishing websites and
continually evolving Windows and Android malware in targeted cyber espionage
campaigns," it added.
Facebook said it had taken down the accounts affiliated with
both the PSS and Arid Viper, "released malware hashes, blocked domains
associated with their activity and alerted people" targeted.
0 comments:
Post a Comment