SideCopy APT: Connecting lures to victims, payloads to infrastructure

Last week, Facebook announced that back in August it had taken action against a Pakistani APT group known as SideCopy. Facebook describes how the threat actors used romantic lures to compromise targets in Afghanistan.

In this blog post we provide additional details about SideCopy that have not been published before. We gained unique insights into the victims and targeted countries, as well as the kind of data the APT group was able to successfully exfiltrate. Among the stolen information is access to government portals, Facebook, Twitter and Google credentials, banking information, and password-protected documents.