BIS said the servers were located in the Czech Republic, and the agency was "almost certain" they were operated by Hezbollah, an Islamist political party and militant group based in Lebanon, which the US and fellow NATO countries have labeled as a terrorist organization.
The Czech intelligence agency said the servers and the malware distribution campaign appears to have been going on since the start of 2017.
Hezbollah operatives operated by creating Facebook profiles, posing as attractive women, and reaching out to selected targets.
Middle Eastern intelligence/terrorist organizations have used this same tactic before.
In January 2017, the Israeli Defence Force warned that Hamas (Palestine) agents were using Facebook profiles posing as women to trick soldiers into installing malware on their devices.