
Three different actors used hundreds of well-crafted fictional personas on Facebook and Instagram to target individuals in South Asia as part of various campaigns.
Guy Rosen, Chief Information Security Officer at Meta, said: “This investment in social engineering means that these actors didn’t have to invest as much on the malware side.”
The fake accounts impersonated recruiters, journalists, or military personnel, in addition to using traditional lures like women looking for romantic connections.
At least two of the cyber espionage campaigns involved the use of less advanced malware with limited functionality in an attempt to evade the app verification checks established by Apple and Google.
One of the groups that came under Meta’s scrutiny was a Pakistan-based advanced persistent threat (APT) group, which used its network of 120 accounts on Facebook and Instagram, as well as rogue apps and websites, to infect soldiers of the Indian and Pakistani Air Forces with GravityRAT under the guise of cloud storage and entertainment apps.
Approximately 110 Facebook and Instagram accounts linked to Bahamut, also identified as an APT targeting activists, government officials, and military personnel in India and Pakistan using Android malware published on the Google Play Store, have been removed. The apps, which masqueraded as secure chat or VPN apps, have since been removed.

Finally, Meta removed 50 Facebook and Instagram accounts associated with an India-based actor called Patchwork. Patchwork used malicious apps uploaded to the Play Store to collect data from victims in Pakistan, India, Bangladesh, Sri Lanka, Tibet, and China.
In addition, six hostile networks in the United States, Venezuela, Iran, China, Georgia, Burkina Faso, and Togo attacked Facebook, Twitter, Telegram, YouTube, Medium, TikTok, Blogspot, Reddit, and WordPress.
All of these geographically distributed networks are said to have set up fraudulent news media brands, hacktivist groups, and NGOs to build trust. Three of them are linked to a US-based marketing firm called Predictvia, a Togolese political marketing consultancy known as Groupe Panafricain pour le Commerce et l’Investissement (GPCI), and the Strategic Communications Department of the State of Georgia.
Two Chinese-originating networks operated dozens of malicious accounts, pages, and groups on Facebook and Instagram, targeting users in India, Tibet, Taiwan, Japan, and the Uyghur community.
In each case, Meta said it shut down the operations before they succeeded in “building an audience” on its service, and connected one network to an individual associated with a Chinese IT company called Xi’an Tianwendian Network Technology. Meta added that it had found a group of
The Iranian network has largely singled out Israel, Bahrain and France, according to the social media giant, corroborating Microsoft’s earlier assessment of Iran’s involvement in the January 2023 hack of French satirical magazine Charlie Hebdo.
“The people behind this network use fake accounts to post, like, and share their content to appear more popular than they used to, and manage pages and groups masquerading as hacktivist teams,” Meta said. “They also liked and shared other people’s posts on cybersecurity topics, which could make the fake accounts seem more credible.”
The disclosure is consistent with a new report from Microsoft, which reveals that since June 2022, actors affiliated with the Iranian state have increasingly relied on cyber-enabled influence operations to “boost, exaggerate, or compensate for shortcomings in network access or cyberattack capabilities.”
Redmond said the Iranian government has been associated with 24 such operations in 2022, up from seven in 2021, including clusters tracked as Moses Staff, Homeland Justice, Abraham’s Axe, Holy Souls and Darkbit. Since June 2022, 17 operations have been carried out.
The Windows maker further added, “Three cases of multiple Iranian actors attempting to use mass SMS messaging in the second half of 2022 are likely to enhance the amplification and psychological impact of cyber influence operations.”
The change in tactics is also characterized by the rapid exploitation of known security flaws, the use of victim websites for command and control, and the employment of bespoke implants to evade detection and steal information from victims.
The operation singles out Israel and the United States in retaliation for allegedly fostering domestic unrest, strengthens Palestinian resistance, incites unrest in Bahrain, and counters the normalization of Arab-Israeli relations.