12 December 20, 09:10
Quote:Facebook has shut down several accounts and Pages on its platform, which were used to launch phishing and malware attacks by two cybercriminal groups: APT32 in Vietnam and an unnamed threat group based in Bangladesh.
The social-media giant said it has removed both groups’ ability to use their infrastructure to abuse its platform, distribute malware and hack other accounts. A new analysis said the two groups were unconnected and targeted Facebook users leveraging “very different” tactics.
“The operation from Vietnam focused primarily on spreading malware to its targets, whereas the operation from Bangladesh focused on compromising accounts across platforms and coordinating reporting to get targeted accounts and Pages removed from Facebook,” said Nathaniel Gleicher, head of security policy, and Mike Dvilyanski, cyber-threat intelligence manager at Facebook, in a Thursday post.
APT32, also known as OceanLotus, is a Vietnam-linked advanced persistent threat (APT) that has been in operation since at least 2013. More recently the group has been linked to an espionage effort aimed at Android users in Asia (in a campaign dubbed PhantomLance by Kaspersky in April). Researchers also in November warned of a macOS backdoor variant linked to the APT group, which relies of multi-stage payloads and various updated anti-detection techniques.
Facebook said that APT32 leveraged its platform to target Vietnamese human-rights activists, as well as various foreign governments (including ones in Laos and Cambodia), non-governmental organizations, news agencies and a number of businesses.
Read more: https://threatpost.com/facebook-accounts...ks/162186/