EXECUTIVE SUMMARY:
A vicious series of cyber attacks has targeted social media accounts belonging to individuals across South Asia. In this alarming set of incidents, hackers attempted to leverage fictitious Facebook and Instagram personas to conduct espionage, deliver malware and/or steal information.
But we’re still at the beginning of this story…
The hackers posed as journalists, recruiters, military personnel and others in order to gain targets’ trust. In other words, hackers socially engineered their way into victims’ lives. Attacks originated from a range of advanced persistent threat (APT) groups, several of which seemed geopolitically motivated.
About the hackers
- One of the hacker groups is a Pakistan-based APT that generated 120 fake accounts on Facebook and Instagram to target military personnel within the Pakistan Air Force and other military personnel in India.
- Another hacker group is linked to an APT known as Bahamut, which previously targeted activists, government employees, and military staff in India and Pakistan using Android malware launched through the Google Play Store.
- An additional 50 fake accounts on Facebook and Instagram were affiliated with an India-based hacking group known as Patchwork. This group attempted to harvest data from targets in Pakistan, India, Bangladesh, Sri Lanka, Tibet and China.
Meta’s takedown
Because the hacking groups had conducted activities via Facebook and Instagram, parent company Meta removed the fake adversarial profiles from its networks.
In the takedown process, Meta also disrupted additional hacking groups that operated from the U.S., Venezuela, Iran, China, Georgia, Burkina Faso and Togo and that engaged in “coordinated inauthentic behavior” on a variety of social media platforms.
The aforementioned hacking groups are said to have created fraudulent public-facing media brands, hacktivist collectives and NGOs, all in an effort to establish credibility.
Adversarial group details
Meta researchers also found that groups of hackers originating from China operated dozens of fraudulent accounts, pages and groups across Meta’s sites. The intention was seemingly to target accounts in geopolitically strategic locations, from Tibet to Taiwan to Uyghur communities.
Shift in tactics
If the surreptitious and widespread use of social media for hacking purposes looks like a change in hacker tactics, well, it is. These hackers are also leveraging known security flaws, using victim websites for command-and-control activities, and adopting bespoke implants to avoid detection while pilfering information.
Ensure that your organization has a social media security strategy that prioritizes policies, administrative oversight and security technologies. Cyber attackers have become increasingly skillful and cunning when it comes to social media-based deceptions.
If social media is an essential element within your business’s marketing strategy, social media governance shouldn’t be an afterthought. Stay ahead of evolving social media cyber threats and check out our How to Keep Your Organization Safe on Social Media whitepaper.
The post Massive cyber espionage operation uncovered in South Asia appeared first on CyberTalk.