Meta dismantles cyberespionage operations targeting Facebook

August 16, 2022
Tags: Meta, Facebook, Cyberespionage, Malware, Social Media, APT36, Bitter APT, Social Engineering

Meta recently disrupted two cross-platform cyberespionage campaigns after discovering that the operations had leveraged Facebook to propagate malware. The disruption came after Meta noticed several policy violations committed by two hacking groups in the course of their cyberespionage attacks.

One of the two state-backed groups disrupted by Meta was Bitter APT, which has targeted several sectors, including government, energy, and engineering. The second was APT36 (Earth Karkaddan), which has mostly targeted entities in India, the UAE, Saudi Arabia, Afghanistan, and Pakistan. APT36 also focuses its attacks on government bodies, human rights groups, military officials, and other NGO members.

Based on the analyses, the Bitter APT group generally relied on social engineering in its campaigns, alongside other malware-delivery techniques such as URL shorteners and phishing websites. APT36's methods, by contrast, are described by experts as low in sophistication but effective at establishing persistence.

Meta stated that, between them, the two state-backed groups were observed targeting India, Pakistan, New Zealand, and the UK.

In most cases, the threat groups pose as fictitious people or entities to deceive their targets on social media platforms. Some reports note that young women, activists, and journalists are among the fictitious personas used in these campaigns. Many victims have fallen for them, which suggests these strategies are effective.

The Bitter APT group has also combined social engineering with adversarial adaptation to deliver malware onto victims' devices, including an Android malware dubbed 'Dracarys'. Once Dracarys is installed on a targeted device, it begins collecting device data such as text messages, call logs, contacts, and location data. Dracarys can also take photos, activate the microphone, and install further malicious apps.

Meta also named another malware variant, called Mobzsar or CapraSpy, which APT36 spread through trojanised versions of the WeChat, WhatsApp, and YouTube apps.

While social media giants such as Facebook work to maintain safety and order on their platforms, advanced threat groups remain a significant threat to people online. Every user of these apps therefore needs to be extra wary of suspicious or unusual activity and to know how to stay safe on the web.
