META’s Quarterly Adversarial Threat Report Explains How Cyberthreat Actors Are Spying on Indians

Meta has released its ‘Quarterly Adversarial Threat Report’, in which the company highlights two cyber espionage operations, conducted by the threat actors Bitter APT and APT36, that are targeting people in India as well as other countries.

According to Meta, the report provides a comprehensive view of the threats the company has found across several policy violations, including Coordinated Inauthentic Behavior (CIB), cyber espionage and inauthentic behavior.

“We took action against two cyber espionage operations in South Asia. One was linked to a group of hackers known in the security industry as Bitter APT, and the other, APT36, to state-linked actors in Pakistan,” Meta noted in its report.

These groups typically target individuals online to gather intelligence, trick them into disclosing information and breach their devices and accounts.

Meta said it has dismantled a brigading network in India, a mass-reporting network in Indonesia, and coordinated inauthentic behavior networks in Greece, South Africa and India as part of its efforts to counter new and emerging threats.

According to the report, Meta has removed thousands of accounts, pages and groups worldwide under its inauthentic behavior policy, which prohibits artificially inflating distribution.

Bitter APT

In reference to Bitter APT, which has been active since 2013, Meta reports that it operates from South Asia, and targets people in New Zealand, Pakistan, the United Kingdom, as well as India.

Meta observed that the sophistication and operational security of this group’s activity were relatively modest, but that it was persistent and well resourced.

According to the report, Bitter APT has used social engineering against many people on social media platforms like Facebook, with the end goal of deploying malware on their devices.

To distribute its malware, the group used a mix of link-shortening services, fraudulent domains, compromised websites and third-party hosting providers.

According to Meta researchers, the anonymous chat app supplied by the attackers may not contain malicious code, but they believe it is used for further social engineering over a chat medium under the attackers’ control.

According to the report, using genuine Apple services can help attackers evade detection and make them seem more legitimate.

“This meant that hackers did not need to rely on exploits to deliver custom malware to targets and could use official Apple services to distribute the app in an effort to make the app appear more legitimate, as long as they convinced people to download Apple TestFlight and tricked them into installing their chat application,” it added.

While the Bitter APT group previously targeted the energy, engineering and government sectors with remote access Trojans (a type of malware) spread via spear-phishing emails or by exploiting known flaws, in recent campaigns in the U.S. the group created social media profiles posing as journalists or activists and used them to trick its targets into clicking on malicious links or downloading malware.

The analysis noted that rather than randomly targeting people with phishing, this group often invests time and effort in building relationships with its targets through various channels, including email.

Meta also found Bitter APT using a range of additional techniques, combining link-shortening services, compromised websites and third-party hosting providers to deliver malware to its targets.

In one instance, the researchers found that the group deployed a new family of Android malware, which they named Dracarys.

It said: “Bitter APT injected Dracarys into trojanized (non-official) versions of YouTube, Signal, Telegram, WhatsApp and custom chat applications that are able to collect call logs, contacts, files, text messages, geolocation, device information and photos, enable the microphone, and install apps.”

The report further states, “While malware functionality is fairly standard, as of this writing, the malware and its supporting infrastructure have not been detected by existing public anti-virus systems.”

APT36

According to Meta, APT36, a group with links to Pakistan, also launched a campaign against military officers, government employees and employees of human rights organizations in Afghanistan, Pakistan, the United Arab Emirates and Saudi Arabia, as well as in India.

The report said that even though the activity of this group was not very sophisticated, it was persistent and targeted various online services including email providers, file-hosting sites and social media.

The researchers noted that to reach victims, the group posed as recruiters for both real and fake businesses, as well as military personnel, and distributed malicious links to attacker-controlled websites where it hosted malware.

“APT36 did not directly share malware on our platform, but instead used the above strategy to share malicious links to sites where they hosted the malware,” the Meta report said.

According to the report, APT36’s campaign reflects a broader pattern of espionage groups adopting pre-built, low-cost malicious tools rather than investing in building their own.

Additionally, Meta said: “This threat actor is a good example of a global trend we have seen where low-sophistication groups choose to rely on openly available malicious tools rather than invest in developing or buying sophisticated offensive capabilities.”

Concerns over cyberthreats

This recent finding by Meta is extremely worrying, as the world today is highly dependent on digital communication and India, in particular, is moving towards nationwide expansion of online connectivity under the banner of “Digital India”.

News18 has reached out to some industry experts, who have pointed out facts about such threats, while suggesting some possible steps that can be taken to ensure the safety of Indian citizens.

Srividya Kannan, Founder and Director, Avali Solutions, said that “our vulnerability to cyber attacks is increasingly worrying”, but that what is more worrying is the growing number of operations being deployed using publicly available malicious tools, which require less technical expertise and democratize access to hacking and espionage capabilities.

“It can pose a threat across the board, from government entities to citizens. For example, malware in the form of a popular messaging app widely used by citizens poses a huge risk in terms of snatching information for such a large population,” she said.

According to Satyamohan Yanambaka, CEO of Writer Information Management Services, who called the report “scary”, the increasing use of smartphones, especially low-cost Apple models, with India as a target market for both Apple and the APT groups, makes the problem more serious.

Yanambaka said: “A growing number of operations are using basic, low-cost tools that require less technical expertise to deploy, yet yield consequences for attackers. This democratizes access to hacking and surveillance capabilities because the barrier to entry is reduced.”

“It allows these groups to hide in the ‘noise’ and maintain plausible deniability when investigated by security researchers,” he said.

Next steps

Industry experts believe that the first essential step to curb such hazards should be maximum social awareness.

Yanambaka suggested that spending on cyber awareness should be included as part of CSR efforts, and that spending on consumer awareness should be made mandatory for IT industry participants, as it is for mutual funds.

He added: “We must have a technical solution to block the channel of attack by these hackers.”

“Through malicious document files and intermediate malware stages, hackers gain access to devices, and threat actors spy on them by deploying RATs. By using robust multi-factor authentication, anti-malware endpoint protection tools and securing registry files, these can technically be prevented, and it can be ensured that no file or database can be tampered with through improper authentication,” he said.

Meanwhile, Kannan highlighted the fact that most Indian citizens “may not even be aware of something like these cyber threats”, which means that “they may be unintentionally exposed and vulnerable to such serious risks, and can’t even be alert”.

She believes that with the Digital India initiative and the proposed central bank digital currency, the impact of these threats on corporations as well as individuals will only increase if not handled.

Therefore, Kannan said: “There is a dire need for focused and comprehensive consideration of cyber security legislation.”

Another industry expert, Sagar Chandola, said that “there is no public dashboard for cyber incidents in India, and in the near future we may also need an Aadhaar-like Cyber ID”.

Regarding the national-level architecture, Yanambaka said CERT-In is an Indian government body that monitors and distributes cyberattack intelligence, largely on a pull basis in which corporations must seek out the information.

“This establishment can be promoted nationally by proactively disseminating information, broadcasting alerts, proactively monitoring malware attacks, proactively providing cyber awareness, encouraging membership and cross-information flow, and becoming a watchdog. It is well placed to become the cyber warfare prevention body, a National Cyber Agency,” he said.

However, JetKing CEO and Managing Director Harsh Bharwani pointed out that India is particularly vulnerable to cyber intrusions due to certain strategic shortcomings, inadequate risk assessment and late policy execution.

But he also pointed out that India is setting up its own cyber security framework, which includes the National Cyber Coordination Centre (NCCC), a Cyber Operations Centre and the National Critical Information Infrastructure Protection Centre (NCIIPC) for threat assessment and information sharing among stakeholders.

He also added: “The government is developing a legal framework to address cyber security, has launched a campaign to raise awareness of the problem and is developing the necessary human resources with appropriate skills.”
