Meta Cracks Down On Cyber Espionage Operations In South Asia Abusing Facebook
Meta disclosed that it took action against two espionage operations in South Asia that leveraged its platforms to distribute malware to potential targets.
The first activity was attributed to a hacking group described as persistent and well-resourced, tracked under the moniker Bitter APT (aka APT-C-08 or T-APT-17), which targeted individuals in New Zealand, India, Pakistan, and the U.K.
Bitter APT Operating Malware
In its quarterly report, Meta said Bitter used a variety of malicious tactics to target people online with social engineering and infect their devices with malware. The group used a mix of link-shortening services, malicious domains, compromised websites, and third-party hosting providers to distribute its malware.
The attacks involved the threat actor creating fictitious personas on the platform, masquerading as attractive young women in a bid to build trust with targets and lure them into clicking on bogus links that deployed malware.
But in an interesting twist, the attackers convinced victims to download an iOS chat application via Apple TestFlight, a legitimate online service that can be used for beta-testing apps and providing feedback to app developers.
The researchers noted that the hackers did not need to rely on exploits to deliver custom malware to targets: they could use official Apple services to distribute the app and make it appear more legitimate.
This meant they only had to convince people to install TestFlight and then trick them into installing the chat application through it.
Meta Cracks Down on Transparent Tribe
The second collective Meta disrupted is Transparent Tribe (aka APT36), an advanced persistent threat alleged to be based out of Pakistan. The group has targeted government agencies in India and Afghanistan with bespoke malicious tools.
Last month, Cisco Talos attributed the actor to an ongoing phishing campaign targeting students at various educational institutions in India, marking a departure from its typical victimology pattern to include civilian users.
The group also targeted military personnel, government officials, employees of human rights and other non-profit organizations, and students located in Afghanistan, India, Pakistan, Saudi Arabia, and the U.A.E.
Both pieces of malware come with features to gather call logs, contacts, files, text messages, geolocation, device information, and photos, as well as enable the device’s microphone, making them effective surveillance tools.