Security News > 2022 > August > Meta Cracks Down on Cyber Espionage Operations in South Asia Abusing Facebook
Facebook parent company Meta disclosed that it took action against two espionage operations in South Asia that leveraged its social media platforms to distribute malware to potential targets.
The first set of activities is what the company described as "Persistent and well-resourced" and undertaken by a hacking group tracked under the moniker Bitter APT targeting individuals in New Zealand, India, Pakistan and the U.K. "Bitter used various malicious tactics to target people online with social engineering and infect their devices with malware," Meta said in its Quarterly Adversarial Threat Report.
The attacks involved the threat actor creating fictitious personas on the platform, masquerading as attractive young women in a bid to build trust with targets and lure them into clicking on bogus links that deployed malware.
The Bitter APT operators used a previously undocumented Android malware dubbed Dracarys, which abuses the operating system's accessibility permissions to install arbitrary apps, record audio, capture photos, and harvest sensitive data from the infected phones such as call logs, contacts, files, text messages, geolocation, and device information.
The latest set of intrusions suggest an amalgamation, having singled out military personnel, government officials, employees of human rights and other non-profit organizations, and students located in Afghanistan, India, Pakistan, Saudi Arabia, and the U.A.E. The targets were social engineered using fake personas by posing as recruiters for both legitimate and fake companies, military personnel, or attractive young women looking to make a romantic connection, ultimately enticing them into opening links hosting malware.
The downloaded files contained LazaSpy, a modified version of an open source Android monitoring software called XploitSPY, while also making use of unofficial WhatsApp, WeChat and YouTube clone apps to deliver another commodity malware known as Mobzsar.
News URL
https://thehackernews.com/2022/08/meta-cracks-down-on-cyber-espionage.html
Related news
- South Korean Citizen Detained in Russia on Cyber Espionage Charges (source)
- U.S. Charges 7 Chinese Nationals in Major 14-Year Cyber Espionage Operation (source)
- Two Chinese APT Groups Ramp Up Cyber Espionage Against ASEAN Countries (source)
- Microsoft Warns: North Korean Hackers Turn to AI-Fueled Cyber Espionage (source)