The researchers from iZOOlogic’s threat monitoring team had recently observed an active Facebook campaign targeting Indian clients and entities, wherein malicious and abusive content is propagated through a defined and limited audience.
Several of our clients from India have reported these tactics to our threat monitoring team. However, as we attempted to view the reported abusive Facebook content, we found that they are not easily available as its administrators have set up viewing restrictions on the posts.
It is imperative to note that this campaign is an active threat targeting our Indian clients despite the restrictions established by the threat operators that limit our view on it. Furthermore, we have also determined that limiting the audience to the social media posts means that the threat actors are taking measures to avoid being caught while making the contents available to only the targets.
Our monitoring team sees some reasons the abusive Facebook content and accounts are not available for viewing, thus limiting our attempts to analyse.
First, the active malicious Facebook page administrators have likely set up a country restriction on the abusive content. Facebook admins can modify which countries the posts are only available for viewing, disallowing anyone outside that region to view any content or posts.
Our researchers also consider that the Facebook admins have selected an age restriction to the page, hence not allowing outside of a specific age group to view the page or the abusive content.
Lastly, it is also possible that the threat actors have already unpublished the Facebook page, which could also be the reason for the restricted view of our threat researchers.
This incident is an emerging trend that our threat monitoring team will continue to assess, especially to protect our clients against such risks. While threat actors remain to execute tactics to hide their activities from security analysts, our team would also keep an eye out and implement appropriate threat mitigations to prevent them.