Skip to main content

Facebook Cracks Down on Cyber Espionage Operations in South Asia Abusing Facebook by Posting Links that Contained Malware for Hacking.


Facebook parent company Meta disclosed that it took action against two espionage operations in South Asia that leveraged its social media platforms to distribute malware to potential targets.


The first set of activities is what the company described as "persistent and well-resourced" and undertaken by a hacking group tracked under the moniker Bitter APT (aka APT-C-08 or T-APT-17) targeting individuals in New Zealand, India, Pakistan, and the U.K.


"Bitter used various malicious tactics to target people online with social engineering and infect their devices with malware," Meta said in its Quarterly Adversarial Threat Report. "They used a mix of link-shortening services, malicious domains, compromised websites, and third-party hosting providers to distribute their malware."


The attacks involved the threat actor creating fictitious personas on the platform, masquerading as attractive young women in a bid to build trust with targets and lure them into clicking on bogus links that deployed malware.


But in an interesting twist, the attackers convinced victims to download an iOS chat application via Apple TestFlight, a legitimate online service that can be used for beta-testing apps and providing feedback to app developers.


"This meant that hackers didn't need to rely on exploits to deliver custom malware to targets and could utilize official Apple services to distribute the app in an effort to make it appear more legitimate, as long as they convinced people to download Apple Testflight and tricked them into installing their chat application," the researchers said.


While the exact functionality of the app is unknown, it's suspected to have been employed as a social engineering ploy to have oversight over the campaign's victims through a chat medium orchestrated specifically for this purpose.


Additionally, the Bitter APT operators used a previously undocumented Android malware dubbed Dracarys, which abuses the operating system's accessibility permissions to install arbitrary apps, record audio, capture photos, and harvest sensitive data from the infected phones such as call logs, contacts, files, text messages, geolocation, and device information.


Dracarys was delivered through trojanized dropper apps posing as YouTube, Signal, Telegram, and WhatsApp, continuing the trend of attackers increasingly deploying malware disguised as legitimate software to break into mobile devices.


Furthermore, in a sign of adversarial adaptation, Meta noted the group countered its detection and blocking efforts by posting broken links or images of malicious links on the chat threads, requiring the recipients to type the link into their browsers.


Bitter's origins are something of a puzzle, with not many indicators available to conclusively tie it to a specific country. It's believed to operate out of South Asia and recently expanded focus to strike military entities in Bangladesh.


Transparent Tribe targets governments with LazaSpy malware

The second collective to be disrupted by Meta is Transparent Tribe (aka APT36), an advanced persistent threat alleged to be based out of Pakistan and which has a track record of targeting government agencies in India and Afghanistan with bespoke malicious tools.


Last month, Cisco Talos attributed the actor to an ongoing phishing campaign targeting students at various educational institutions in India, marking a departure from its typical victimology pattern to include civilian users.


The latest set of intrusions suggest an amalgamation, having singled out military personnel, government officials, employees of human rights and other non-profit organizations, and students located in Afghanistan, India, Pakistan, Saudi Arabia, and the U.A.E.


The targets were social engineered using fake personas by posing as recruiters for both legitimate and fake companies, military personnel, or attractive young women looking to make a romantic connection, ultimately enticing them into opening links hosting malware.


The downloaded files contained LazaSpy, a modified version of an open source Android monitoring software called XploitSPY, while also making use of unofficial WhatsApp, WeChat and YouTube clone apps to deliver another commodity malware known as Mobzsar (aka CapraSpy).


Both pieces of malware come with features to gather call logs, contacts, files, text messages, geolocation, device information, and photos, as well as enable the device's microphone, making them effective surveillance tools.


"This threat actor is a good example of a global trend [...] where low-sophistication groups choose to rely on openly available malicious tools, rather than invest in developing or buying sophisticated offensive capabilities," the researchers said.


These "basic low-cost tools [...] require less technical expertise to deploy, yet yield results for the attackers nonetheless," the company said, adding it "democratizes access to hacking and surveillance capabilities as the barrier to entry becomes lower."


#THN


#osutayusuf

Comments

Popular posts from this blog

We Bring You Brief Series of Sanctions Against Uganda Government Officials.

📸: Gen Abel Kandiho. On 9-December-2021, USA slapped sanctions against the then CMI Commander Gen Abel Kandiho. 📸: Gen Kale Kayihura. On 9-December-2022, UK slapped sanctions against former Police Boss Gen Kale Kayihura. 📸: Commissioner General of Prisons, Johnson Byabashaija. Again on this 4-December-2023, the same USA has slapped sanctions against Uganda Prisons Commander Johnson Byabashaija over alleged torture and human rights abuses in Prisons across Uganda. We ask, has USA and UK made December as an LCM to slap sanctions against high ranking government officials in Uganda even when the sanctions just remain on paper without deeper investigations to ascertain logical conclusions or remedy to that effect ?. #iip_updates  #Information_is_Power  #we_inform_the_uninformed

How to Host a Website for Free From Your PC or Laptop.

Why pay for a web hosting service when your old computer can do the same thing? Learn how to self-host your site. If you're planning to launch a website but don't want to pay recurring monthly or annual hosting fees, you can use any old laptop or desktop PC to host a website for free. It's a great way to utilize your old system instead of throwing it away. In this guide, we will install and set up services on our 10-year-old laptop to host a WordPress, Joomla, or custom HTML or PHP-based website with a free SSL certificate. MAKEUSEOF VIDEO OF THE DAY Things You Will Need to Host a Website Following are the pre-requisites to host a website for free from home with just your computer: An old laptop or PC running Ubuntu Server. A registered domain name for your website Ethernet cable to connect the laptop or PC to router for reliable and fast connection Step 1: Update and Upgrade the Packages After  installing Ubuntu Server on your computer , execute the following c...

WHERE IS MINISTER OF SEX SIMON LOKODO?. (He deserves a battle of soda from me! Ministe`r esalanga mabee. He is quick to run after Mrs Dr Stella Nyanzi and other Opposition elements. Government aza aza edo zuu vaa kpere bua). Anyway, below is the article! POLICE OFFICER AKOL ESTHER CHARGED OF BEING A PUBLIC NUISANCE Naughty Officer Officer who embarrassed police after leaking nude photo charged 13.03.2018 She serves in the 'Very Important Persons Protection Unit'  Akol Esther  (Courtesy) A female police officer whose nude photo surfaced on social media has been charged of being a public nuisance. Akol Esther serves in the Very Important Persons Protection Unit (VIPPU) of the police force. Kampala Metropolitan Police spokesperson Luke Owoyesigire says Akol Esther might be demoted or expelled from the police force if found guilty of circulating nude photos. Police court is yet to announce date when Akol Esther is expected to appear for a hearing. This comes at a time when Pornography Control Committee is taking tough measures against persons circulating pornography content. The committee warned and promised to arrest persons who will circulate pornographic content.

POLICE OFFICER AKOL ESTHER CHARGED OF BEING A PUBLIC NUISANCE Naughty Officer Officer who embarrassed police after leaking nude photo charged 13.03.2018 She serves in the 'Very Important Persons Protection Unit' Akol Esther  (Courtesy) A female police officer whose nude photo surfaced on social media has been charged of being a public nuisance. Akol Esther serves in the Very Important Persons Protection Unit (VIPPU) of the police force. Kampala Metropolitan Police spokesperson Luke Owoyesigire says  Akol Esther might be demoted or expelled from the police force if found guilty of circulating nude photos . Police court is yet to announce date when Akol Esther is expected to appear for a hearing. This comes at a time when Pornography Control Committee is taking tough measures against persons circulating pornography content. The committee warned and promised to arrest persons who will circulate pornographic content.