Advanced persistent threat (APT) groups operating out of South Asia created hundreds of fictitious Facebook and Instagram profiles to harvest personal data and lure targets into installing malware, before Meta identified and shut them down.
How Did Meta Solve the Problem?
Meta identified three clusters of activity: the Patchwork advanced persistent threat group, which is assessed to have ties to India; an unnamed threat actor linked to the Pakistani state; and the Bahamut threat actor, which has not been publicly attributed to any government.
Meta removed 120 Facebook accounts belonging to the unnamed Pakistani state-linked group after finding that its operators were posing as journalists, job recruiters, and women seeking romantic relationships. The group frequently relies on GravityRAT, which Meta describes as "a low-sophistication malware family capable of gathering sensitive user data" and which has a history of being deployed against targets in India.
Meta also took action against Patchwork, a group assessed to be based in India, which targeted military officials, activists, and minority groups in Pakistan, India, Bangladesh, Sri Lanka, the Tibet region, and China. Much like Bahamut, Patchwork created around 50 fictitious accounts on Facebook and Instagram, some of which impersonated journalists, military personnel, and defense intelligence advisors.
According to Meta, Patchwork succeeded in getting malicious chat apps, which have since been removed, published on the Google Play Store. Meta noted that these apps "contained relatively basic malicious functionality" and that their access to user data depended entirely on the permissions the end user granted at install time, rather than on any exploit.
Additionally, Meta shut down 110 Facebook and Instagram accounts that the Bahamut group had used to target activists, government workers, military officials, and other individuals in Pakistan and India. Meta said that Bahamut conducted its cyberespionage operations using link-shortening services, compromised or attacker-controlled websites, both legitimate and fake app stores, and third-party hosting providers.