
Meta’s Quarterly Counter Threat Report highlights how cyberthreat actors spy on Indians MPNRC News


Meta has released its ‘Quarterly Adversarial Threat Report’, in which the company highlights two cyber espionage operations by the threat actors Bitter APT and APT36 that targeted people in India as well as other countries.

According to Meta, the report provides a comprehensive view of the threats the company found across several policy violations, such as coordinated inauthentic behavior (CIB), cyber espionage and dishonest behavior.

“We have taken action against two cyber espionage operations in South Asia. One was linked to a group of hackers known in the security industry as Bitter APT and the other, APT 36, to state-linked actors in Pakistan,” Meta noted in its report.

These groups often target individuals online to gather intelligence, trick them into revealing information, and breach their devices and accounts.

Meta said it has dismantled brigading networks in India, mass reporting networks in Indonesia and breaching networks in Greece and South Africa as well as India as part of its efforts to counter new and emerging threats.

According to the report, Meta has removed thousands of accounts, pages and groups around the world in accordance with its Unverified Behavior Policy, which prevents artificially promoting distribution.

Bitter APT

In the case of Bitter APT, which has been active since 2013, Meta’s report said it operated out of South Asia and targeted people in New Zealand, Pakistan, the United Kingdom as well as India.

It was noted that although the sophistication of the group’s actions and its operational security were relatively modest, it was persistent and well-resourced.

Bitter APT, according to the report, targets people with extensive social engineering on social media platforms like Facebook, with the ultimate goal of deploying malware on their devices.

To spread their infection, they combine link-shortening services, fraudulent domains, compromised websites, and external hosting companies.

According to Meta researchers, the anonymous chat app distributed by the attackers may not contain malicious code, but they believe it may have been used for more social engineering on the chat medium under the control of the attackers.

According to the report, using genuine Apple services can help attackers evade detection and make them seem more legitimate.

“This means that hackers don’t need to rely on exploits to deliver custom malware to targets and can use Apple’s official services to distribute apps to make them look more legitimate, as long as they convince people to download Apple TestFlight and trick them into installing their chat application,” it added.

Previously, the Bitter APT group targeted the energy, engineering and government sectors with remote access trojans (a type of malware) that were spread via spear-phishing emails or by exploiting known vulnerabilities. In a recent campaign, the group created social media profiles and used them to trick their targets into clicking on malicious links or downloading malware by posing as journalists or activists.

The analysis says that instead of randomly targeting people through phishing, this gang often spends time and effort establishing links with its targets through different channels, including email.

Meta also found that Bitter APT delivered malware to its targets using a combination of link-shortening services, hijacked websites and third-party hosting providers, along with several additional strategies.

The researchers discovered that Bitter APT deployed a brand new family of Android malware that they called Dracarys.

It says: “Bitter APT injected Dracarys into trojanized (non-official) versions of YouTube, Signal, Telegram, WhatsApp and custom chat applications capable of accessing call logs, contacts, files, text messages, geolocation, device information, taking photos, enabling the microphone and installing apps.”

“Although the malware functionality is well documented, as of this writing the malware and its infrastructure have not been detected by existing public anti-virus systems,” the report continued.

APT36

According to Meta, APT36, a group with ties to Pakistan, launched a campaign against military officials, government employees and human rights organizations in Afghanistan, Pakistan, the United Arab Emirates and Saudi Arabia, as well as India.

The report said that although the group’s activity was not very sophisticated, it was persistent and targeted a variety of online services, including email providers, file-hosting sites and social media.

The researchers noted that to target victims, the group pretended to be recruiters from real and sound businesses as well as military personnel, and distributed harmful links to attacker-controlled websites that stored the malware.

“APT36 did not directly share the malware on our platform but used the above tactics to share malicious links to sites they controlled and where they hosted the malware,” Meta’s report added, highlighting that XploitSPY, a common Android malware, was used in a large number of instances.

According to the report, APT36’s campaign shows a widespread pattern of espionage organizations adopting ready-made, low-cost malicious tools rather than investing in developing their own tools.

Additionally, Meta said: “This threat actor is a good example of a global trend we’ve seen where less-sophisticated groups choose to rely on openly available malicious tools rather than invest in developing or acquiring sophisticated offensive capabilities.”

Concerns about cyberthreats

This recent finding by Meta is of great concern as today’s world is heavily dependent on digital communication and especially as India moves towards nationwide growth of online connectivity under the banner of “Digital India”.

News18 contacted some industry experts who pointed out the relevant facts about such threats and suggested some possible steps to ensure the safety of Indian citizens.

Srividya Kannan, founder and director, Avali Solutions, said that “our vulnerability to cyber-attacks is increasing”, but even more alarming is the fact that an increasing number of operations are based on publicly available malicious tools that require very little technical expertise to deploy, democratizing access to hacking and spying capabilities.

“This can pose a threat to everyone from government agencies to citizens. For example, malware masquerading as popular messaging apps that are widely used by citizens poses a huge risk in terms of exfiltrating information for such a large population,” she added.

According to Satyamohan Yanambaka, CEO of Writer Information Management Services, who called the report “alarming”, the fact that India is a target market for the Apple and APT groups due to the growing use of mobile smartphones, especially low-cost Apple models, was more serious.

Yanambaka said: “An increasing number of operations using basic low-cost tools that require little technical expertise to deploy still yield results for attackers. It democratizes access to hacking and surveillance capabilities as the barrier to entry is lowered.”

“This allows these groups to hide in the ‘noise’ and provide plausible deniability when scrutinized by security researchers,” he added.

The next step

Industry experts are of the opinion that the first necessary step to prevent such threats is to have maximum social awareness.

Yanambaka suggested that spending on cyber awareness should be included as part of CSR efforts and spending on consumer awareness should be made mandatory for IT industry participants like mutual funds.

He said: “We must have technical solutions to block these hackers’ attack channels.”

“Hackers access devices through malicious document files and intermediate malware stages, and threat actors deploy RATs for espionage. Technically this can be prevented by strong multi-factor authentication, use of anti-malware endpoint protection tools and securing reg files and ensuring that no file/data base can interfere with improper authentications,” he added.

Meanwhile, Kannan highlighted the fact that most Indian citizens “may not even be sensitized to something like these cyber threats” meaning “they may inadvertently be seriously exposed and may not even be aware of such risks”.

She believes that with the Digital India initiative and the projected central bank digital currency, the impact of these threats on corporations as well as individuals will only increase if not addressed.

So, Kannan said: “There is an urgent need for a focused and comprehensive approach to cyber security legislation.”

Another industry expert, Sagar Chandola, said, “There is no such public view dashboard for cyber incidents in India and we need to have a support like Cyber ID in near future”.

Regarding the architecture at the national level, Yanambaka said CERT-In is the Indian government body that monitors and distributes cyber attack intelligence, but much of it is a bridge paradigm in which corporations seek information.

“This establishment is well suited to become a national-level cyber warfare prevention organization by actively disseminating information, broadcasting warnings, actively monitoring malware attacks, pro-actively providing cyberware, promoting membership, cross-information flow and being a watchdog national cyber agency,” he added.

However, Harsh Bharwani, CEO and Managing Director of JetKing, explained that India is vulnerable to cyber intrusions due to some strategic deficiencies, inadequate risk assessment and late policy implementation.

But he also pointed out that India is establishing its own cyber security architecture, which will include a National Cyber Coordination Center (NCCC), Cyber Operations Center and National Critical Information Infrastructure Protection Center (NCIIPC) for threat assessment and information sharing among stakeholders.

He also said: “The government is developing a legal framework for cyber security, launching a campaign to raise awareness of the issue and developing the necessary human resources with the right skills.”
