Facebook threat intelligence analysts discovered recent activity linked to two known APT groups that have been active since 2015. According to Facebook, the groups, AridViper and Preventive Security Service, used Android and Windows malware and advanced social engineering tactics in an effort to attack journalists, human rights activists and military groups in the Middle East. More specifically, the groups launched cyber-espionage campaigns in Palestine, Syria, Turkey, Iraq, Lebanon and Libya.
Facebook’s director for threat disruption has claimed that the Facebook accounts linked to these hacking networks have been disabled and the targets have been contacted. The findings have been shared with other tech companies to prevent any future distribution of malware. While Facebook has disrupted the APT groups’ infrastructure for now, it has warned that they could resume their activities in the near future: “To disrupt both these operations, we took down their accounts, released malware hashes, blocked domains associated with their activity and alerted people who we believe were targeted by these groups to help them secure their (Facebook) accounts. The groups behind these operations are persistent adversaries, and we know they will evolve their tactics in response to our enforcement.”