"Meta Stops Two Cyberespionage Activities in South Asia"
Meta, Facebook's parent company, took action earlier this year against two cross-platform cyberespionage operations that relied on multiple websites to distribute malware.

Bitter APT is the first hacking group that Meta shut down in the second quarter. The group, also tracked as T-APT-17, has been active since at least 2013 and primarily targets government, engineering, and energy organizations. Meta observed the group using link-shortening services, malicious and compromised websites, and third-party hosting providers to infect victims in India, New Zealand, Pakistan, and the UK with malware. The group created fake personas posing as journalists, activists, and others in order to connect with potential victims and gain their trust before luring them into downloading malware. Bitter APT has also been observed deploying an iOS chat application delivered through Apple's TestFlight service; it is unclear whether the application itself was malicious or whether its primary purpose was social engineering. The group additionally used an Android malware family that abused accessibility services to carry out malicious operations on compromised devices. Dracarys malware was embedded in unofficial versions of applications such as Signal, Telegram, YouTube, and WhatsApp, giving the attackers access to location data, user files, call logs, messages, contacts, and images, as well as the ability to install apps.

APT36, based in Pakistan, is the second group, also tracked as Transparent Tribe, Earth Karkaddan, Operation C-Major, PROJECTM, and Mythic Leopard. It has targeted government employees, human rights advocates, military personnel, students, and non-profit organizations in Afghanistan, India, Pakistan, Saudi Arabia, and the United Arab Emirates.

This article continues to discuss the two cyberespionage operations stopped by Meta.
CyberIntelMag reports "Meta Stops Two Cyberespionage Activities in South Asia"