Facebook’s Meta Targets South Asian Cyberespionage Groups with Crackdown

By Esme Greene

Jul 18, 2023

APT organizations from South Asia created hundreds of fictitious Facebook and Instagram profiles to collect personal data and trick users into installing malware, but social media giant Meta shut them down.

How Did Meta Solve the Problem?

Facebook identified three groups: the Patchwork advanced persistent threat (APT) group, which is probably tied to India; an unidentified threat actor with Pakistani ties; and the unaffiliated Bahamut threat actor.

Meta deleted 120 Facebook profiles belonging to the unnamed Pakistani state-linked group after discovering that the hackers were posing as journalists, job recruiters, and women looking for romantic connections. The group frequently employs the GravityRAT malware, which is “a low-sophistication malware family capable of gathering sensitive user data” and has a history of being used by cybercriminals that target India.

In addition to using Google Drive and Dropbox to host GravityRAT, the threat actors employ domains that pose as file-sharing and storage services or as recruitment websites.

Meta also took legal action against Patchwork, an organization with headquarters in India that targets military officials, activists, and minority groups in Pakistan, India, Bangladesh, Sri Lanka, the Tibetan area, and China. Similar to Bahamut, Patchwork created 50 fictitious accounts on Facebook and Instagram, some of which posed as journalists, military personnel, and defense intelligence advisors.

According to Meta, Patchwork succeeded in getting harmful chat apps (now uninstallable) onto the Google Play Store. According to the company, these apps “contained relatively basic malicious functionality,” and their access to user data depended entirely on valid app permissions granted by the end user.

Additionally, Meta shut down 110 Facebook and Instagram profiles that the Bahamut hacking gang had used to target activists, government workers, military officials, and other individuals in Pakistan and India. The company said that Bahamut conducted cyberespionage operations using link-shortening services, hacked or attacker-controlled websites, legitimate and fake app stores, and third-party hosting companies.