Meta has released its ‘Quarterly Adversarial Threat Report’, in which the company highlighted two cyber espionage operations, carried out by the threat actors Bitter APT and APT36, targeting people in India as well as other countries.
According to Meta, the report provides a comprehensive view of the risks the company has detected across several policy violation areas, such as Coordinated Inauthentic Behavior (CIB), cyber espionage and inauthentic behavior.
“We took action against two cyber espionage operations in South Asia. One belonged to a group of hackers known in the security industry as Bitter APT, and the other, APT36, to state-linked actors in Pakistan,” Meta noted in its report.
These groups typically target individuals online to gather intelligence, extort information from them, and breach their devices and accounts.
Meta said that, as part of its efforts to counter new and emerging threats, it has dismantled brigading networks in India, mass reporting networks in Indonesia, and breaching networks in Greece and South Africa, as well as in India.
According to the report, Meta has removed tens of thousands of accounts, pages and groups worldwide in accordance with its Inauthentic Behavior policy, which prohibits artificially inflating distribution.
BITTER APT
Regarding Bitter APT, which has been active since 2013, the Meta report said the group operated out of South Asia and targeted people in New Zealand, Pakistan, and the United Kingdom, as well as India.
It was observed that although the operational sophistication and operational security of this group were relatively modest, it was persistent and well resourced.
According to the report, Bitter APT targets people with multiple social engineering techniques on social media platforms such as Facebook with the end goal of deploying malware on their devices.
To spread their infection, they combine link shortening services, fraudulent domains, compromised websites, and outside hosting companies.
According to Meta's researchers, the anonymous chat app provided by the attackers may not have contained malicious code, but they believe it may have been used for further social engineering over a chat medium under the attackers' control.
According to the report, using genuine Apple services can help attackers avoid detection and appear more legitimate.
“This meant hackers didn’t have to rely on exploits to deliver custom malware to targets and could use Apple’s official services to distribute apps in an attempt to make them appear more legitimate, until they convince people to download Apple’s TestFlight and trick them into installing their chat application,” the report added.
While the Bitter APT group previously targeted the energy, engineering and government sectors with remote access trojans (a type of malware) spread through spear phishing emails or by exploiting known vulnerabilities, in the latest campaign the group created social media profiles and used them to pose as journalists or activists to get their targets to click on malicious links or download malware.
Rather than randomly targeting people through phishing, the gang often spends time and effort establishing connections with their targets through various channels, including email, the analysis said.
Meta also found Bitter APT using a number of additional tactics, including link shortening services, hijacked websites, and third-party hosting providers, to target victims with malware.
In one instance, the researchers found that the group deployed an entirely new family of Android malware, which they called Dracarys.
The report says: “Bitter APT injects Dracarys into trojanized (unofficial) versions of YouTube, Signal, Telegram, WhatsApp and custom chat applications that are able to collect call logs, contacts, files, text messages, geolocation and device information, capture images, enable the microphone, and install apps.”
“While the functionality of the malware is fairly standard, as of this writing, the malware and its supporting infrastructure remain undetected by existing public antivirus systems,” the report added.
APT36
According to Meta, APT36, a group with ties to Pakistan, has carried out attacks against military officers, civil servants, and staff members of human rights organizations in Afghanistan, Pakistan, the United Arab Emirates, and Saudi Arabia, as well as in India.
Although the group’s activity was not very sophisticated, it was consistent and targeted a variety of online services, including email providers, file hosting sites, and social media, the report said.
The researchers noted that to target victims, the group posed as both real and fake businesses, as well as recruiters for military personnel, and distributed malicious links to attacker-controlled websites that were used to host malware.
“APT36 did not share the malware directly on our platforms but used the above tactics to share malicious links to sites they control and where they hosted the malware,” Meta said. The report highlights that XploitSPY, a common Android malware, was used in a large number of cases.
According to the report, APT36’s campaign illustrates a broad pattern of espionage organizations that are adopting ready-made, low-cost malicious tools rather than investing in creating their own tools.
Additionally, Meta said: “This threat actor is a good example of a global trend we’ve seen where less sophisticated groups, instead of investing in developing or purchasing sophisticated offensive capabilities, choose to rely on tools based on openly available malware.”
Cyberthreat concerns
This recent discovery by Meta is very alarming, as the present world relies heavily on digital communication and India, in particular, is moving towards increasing nationwide online connectivity under the banner of “Digital India”.
News18 has contacted some industry experts who identified relevant facts about such threats and suggested some possible steps that can be taken to ensure the safety of Indian citizens.
Sri Vidya Kannan, Founder and Director, Avaali Solutions, said, “Our vulnerability to cyber attacks continues to grow,” but even more alarming is the growing number of operations based on publicly available malicious tools that require less technical expertise to deploy and democratize access to hacking and spying capabilities.
“This can pose a threat across the board, from government agencies to citizens. For example, malware can disguise information for such a large population by disguising popular messaging apps that are widely used by citizens. There is a great danger in the matter of encirclement.”
According to Satyamohan Yanambaka, CEO of Reuters Information Management Services, who called the report “alarming”, the problem becomes much more serious given the growing use of mobile smartphones, especially low-cost Apple models, and India's position as a target market for Apple and APT groups.
Yanambaka said: “A growing number of operations are using basic low-cost tools that require little technical expertise to deploy, but still have consequences for attackers. This democratizes access to hacking and surveillance talent as the barrier to entry lowers.”
“It also allows these groups to hide in the ‘noise’ and gain objectionable deniability when scrutinized by security researchers,” he added.
The next step
Industry experts believe that the first step to prevent such threats should be greater social awareness.
Yanambaka suggested that spending on cyber awareness should be included as part of CSR efforts, and spending on consumer awareness should be made mandatory for IT industry participants such as mutual funds.
He said: “We must have a technical solution to block these hackers’ attack channels.”
“Hackers gain access to devices through malicious document files and intermediate malware stages, and threat actors deploy RATs for espionage.” He added that such attacks can be technically prevented with strong multi-factor authentication, the use of anti-malware endpoint protection tools, securing Reg files, and ensuring that no file or database can be interfered with without proper authentication.
Meanwhile, Kannan highlighted the fact that most Indian citizens “may not even be sensitized to anything like these cyber threats”, which means “they could be unknowingly severely exposed and can’t even be aware of such dangers”.
He believes that with the Digital India initiative and the anticipated central bank digital currency, the impact of these threats on corporations as well as individuals will only increase if left unchecked.
Therefore, Kannan said: “Cybersecurity legislation is in dire need of focused and comprehensive thinking.”
Another industry expert, Sagar Chandola, said “There is no such public view dashboard for cyber incidents in India and in the near future we may also need to have an Aadhaar like CyberID”.
On the national-level architecture, Yanambaka said that although CERT-In is a Government of India body that monitors and provides cyber attack intelligence, it is largely a bridge paradigm in which corporations must receive information.
“This establishment shall actively promote information, circulate warnings, actively monitor malware attacks, actively provide cyberware, encourage membership, encourage and monitor the flow of information as a national “The National Cyber Agency is well-placed to be the top cyber-warfare prevention agency,” he added.
However, Harsh Bharwani, CEO and Managing Director of JetKing, explained that India is particularly vulnerable to cyber intrusions due to some strategic flaws, inadequate threat assessment, and late policy implementation.
But he also pointed out that India is building its own cyber security infrastructure, which will involve the National Cyber Coordination Center (NCCC), the Cyber Operations Center and the National Critical Information Infrastructure Protection Center (NCIPC), for threat assessment and information sharing among stakeholders.
He also said: “The government is developing a legal framework to deal with cyber security, and has launched a campaign to create awareness about the issue and develop necessary human resources with appropriate skills.”