Facebook has removed from its platform two hacking groups, operating from Bangladesh and Vietnam, that were distributing malware and compromising people’s accounts across the Internet.
The Bangladesh-based group targeted local activists, journalists and religious minorities, including those living abroad, to compromise their accounts and have some of them disabled by Facebook for violating its Community Standards.
“Our investigation linked this activity to two non-profit organisations in Bangladesh: Don’s Team (also known as Defense of Nation) and the Crime Research and Analysis Foundation (CRAF). They appeared to be operating across a number of internet services,” said Nathaniel Gleicher, Head of Security Policy, and Mike Dvilyanski, Cyber Threat Intelligence Manager at Facebook.
APT32, an advanced persistent threat actor based in Vietnam, used malware to target Vietnamese human rights activists locally and abroad, various foreign governments including those in Laos and Cambodia, non-governmental organisations, news agencies and a number of businesses.
“Our investigation linked this activity to CyberOne Group, an IT company in Vietnam (also known as CyberOne Security, CyberOne Technologies, Hanh Tinh Company Limited, Planet and Diacauso),” Facebook said in a statement late on Thursday.
APT32 has deployed a wide range of adversarial tactics across the internet.
“The people behind these operations are persistent adversaries, and we expect them to evolve their tactics. However, our detection systems and threat investigators, as well as other teams in the security community, keep improving to make it harder for them to remain undetected,” said Gleicher.