Upon discovering the campaign, Facebook promptly reported the hackers’ server to the domain registrar, resulting in its takedown on January 25, 2023. The campaign had been active for approximately two weeks, and the threat actors are believed to be of Vietnamese origin. The incident underscores the ongoing risks associated with session cookies and their potential exploitation by malicious actors.
