Meta bans 7 surveillance-for-hire groups from FB, Instagram for spying on users

Meta Platforms, formerly Facebook Inc., said it has banned seven surveillance-for-hire groups that were using its social media networks for social engineering, spying on people and sending malicious links. The surveillance groups were based in China, Israel, India and North Macedonia and over the years have targeted more than 50,000 people in more than 100 countries, Meta said in a statement.

Meta said it has alerted users who it believes were under surveillance by these groups and has also shared its findings with security researchers, policy makers and other social media companies.

Researchers at Meta believe that these groups will try to revive their operations on its social networks by using new obfuscation techniques. “The entities behind these surveillance actions are persistent, and we expect them to develop their own strategy,” they warned.

Social engineering is one of the tactics most widely used by these groups to obtain personal information about targets, which is then used to carry out phishing attacks and infect devices with malware. According to a recent report by SlashNext Threat Labs, there was a 270% increase in social engineering attacks in 2021.

According to Meta, the movements of these groups were detected by an alert system that was recently updated to provide more granular details such as the nature of the targeting and the entity behind it.

The seven groups banned by Meta include Cobwebs Technologies, Cognyte, Black Cube, BellTroX, Cytrox, Bluehawk CI and an unidentified entity in China.

Meta removed approximately 400 Facebook accounts linked to BellTroX and 300 Facebook and Instagram accounts linked to Black Cube and Cytrox.

BellTroX is a New Delhi-based IT company that reportedly offers hacking as a service. According to Meta, BellTroX was using Meta's social media platform for reconnaissance, social engineering and sending malicious links.

In 2020, Toronto-based Citizen Lab uncovered a global hack-for-hire operation that targeted hundreds and thousands of individuals, including journalists, activists, lawyers, government officials and corporate heads. Citizen Lab found that the group behind the operation, called Dark Basin, was linked to BellTroX, Mint reported.

During its investigation, Meta found that BellTroX was using fake accounts to impersonate politicians, journalists and environmental activists in order to carry out social engineering, with the goal of getting targets to share personal information for future phishing attacks. The group was caught using some of these fake accounts to target lawyers, doctors, activists and clergy in Australia, Angola, Saudi Arabia and Iceland.

Like BellTroX, Israel-based Black Cube was using fake accounts for social engineering and to steal email details. Its operators were posing as graduate students, NGOs and human rights activists. Their targets included NGOs in Africa, Eastern Europe and South America, activists in Palestine and individuals in Russian universities. They were also targeting people in the mining, medical and energy industries.

The third major entity, Cytrox, a North Macedonian company that sells surveillance tools and malware to compromise iOS and Android devices, was caught defrauding legitimate news entities and imitating social media services.

“Cytrox and its customers took steps to tailor their attacks to specific targets by infecting people with malware only if they passed certain technical checks, including IP address and device type. news or redirects to other websites,” said the researchers at Meta.

Meta believes that Cytrox was offering its services to another threat actor named Sphinx, which was targeting people in Egypt and surrounding countries. To investigate Cytrox, Meta collaborated with Citizen Lab.

Many governments and companies have begun to crack down on spyware providers and hacker-for-hire groups. For example, last month the US government slapped Pegasus supplier NSO Group with an export ban, which prohibits it from obtaining hardware and software from any US company without approval from the Commerce Department.

Apple has also filed suit against NSO Group and its parent company OSY Technologies and appealed for a permanent injunction preventing them from using Apple devices, apps and services. Pegasus was used by unknown actors to target several iPhone users.
