Meta said in a recent disclosure that it hunted down and blocked the infrastructure of numerous spyware vendors from various countries, including China, Russia, India, Israel, and the US. These malicious vendors targeted tens of thousands of individuals across 200 countries, operating since at least 2017.
In a published post last December 15, Meta said that the spyware landscape had been continually expanding and targeting people regardless of status. This includes politicians, activists, journalists, and more. Most of these campaigns aim to snoop on their targets and manipulate their devices to gather intelligence and have the upper hand against them.
Over a hundred countries were targeted by at least one malicious network run by spyware vendors.
Meta added that the malicious networks they have found have been engaging in coordinated inauthentic behaviour or CIB. Most of these networks originated from 68 countries and have targeted more than a hundred local and overseas nations.
Furthermore, Meta’s findings show that the US has been the most targeted nation in the last five years, with 34 attack campaigns directed at them. Ukraine followed second with 20 operations, and the UK, with 16 operations, was third.
It is worth noting that these findings point to Russia being the country with the most attack campaigns performed. These countries running malicious CIB networks can target entities from their local countries or abroad and have a cross-platform presence on many social media platforms, such as Facebook, Instagram, Twitter, Telegram, TikTok, YouTube, Blogspot, and more.
A separate security entity also reported blocking about 130 malicious user accounts from Candiru – an Israel-based company believed to have been using fake accounts to test phishing activities. Moreover, another Israeli firm QuaDream is also seen engaging in similar schemes, using a set of 250 fake accounts to test malicious activities, including stealing data from Android and iOS devices.
The two firms, Candiru and QuaDream, are presumed to be a part of the widescale set of spyware vendors since they are former affiliates of the controversial nation-backed intelligence organisation NSO Group.
Meta also shut down over 5,000 fake accounts from other suspected spyware vendors, which use them to scrape publicly available data.
As stressed by the tech giant, these malicious companies promote illicit surveillance services regardless of client, which they aim to counter in the coming years, with plans in 2023 to double down their actions in addressing these issues. Meta also looks forward to the democratic government’s more concerted regulatory response.
