New Delhi, Aug 5 : Meta (formerly Facebook) has taken down a cyber-espionage operation attributed to state-sponsored actors in Pakistan that targeted individuals in India, including military and government officials, using methods such as honey-trapping targets and infecting their devices with malware. Apart from India, the Pakistan-based hacking group, known in the security industry as APT36, also targeted individuals in Afghanistan, Pakistan, the UAE and Saudi Arabia, according to Meta's quarterly "Adversarial Threat Report".
“Our investigation has linked this particular operation to actors linked to the state in Pakistan,” Meta said.
The group's activity was persistent and spanned a variety of Internet services, ranging from email providers to file-hosting services and social media.
"APT36 employed various techniques to target online users with social engineering in order to get their devices infected with malware. They employed a mix of camouflaged and malicious links, as well as fake apps to spread their malware to Android and Windows-based devices," the social network warned.
APT36 used fake personas, pretending to be recruiters for legitimate and fake businesses, military personnel, and attractive young women looking to establish a romantic connection, in an attempt to build trust with the individuals it targeted.
The group used a broad variety of tactics, including custom-built infrastructure, to distribute its malware.
"Some of these domains masqueraded as photo-sharing websites or apps, while some used fake domain names of real companies such as Google Play Store, Microsoft's OneDrive as well as Google Drive," said the Meta report.
Furthermore, the group also used common file-sharing platforms such as WeTransfer to host malware for brief periods of time.
The actors from Pakistan also employed link-shortening services to hide malicious URLs.
They also made use of social media cards and preview sites, online marketing tools that customize the image displayed when a URL is shared on social media, to hide both the redirection and the ownership of domains controlled by APT36.
"APT36 did not directly distribute malware through our platforms, but instead employed the strategy to distribute dangerous links to websites they controlled, and also to sites that host malware," Meta said.
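The lure-link tricks described above (brand names borrowed in fake domains, and shorteners that hide the real destination) lend themselves to a simple defender-side triage pass over URLs pulled from messages or logs. The following is an added illustrative example, not code from Meta or its report; the brand allow-list, the shortener list and the sample URLs are constructed assumptions for the demonstration.

```python
"""Triage URLs for brand impersonation and hidden destinations (added example)."""
from urllib.parse import urlparse

# Brand tokens the report says APT36 lures borrowed, mapped to the registrable
# domains that legitimately serve them. Constructed allow-list; a real deployment
# would maintain this from an authoritative source.
BRAND_DOMAINS = {
    "google": {"google.com"},               # Google Play Store, Google Drive
    "onedrive": {"live.com", "microsoft.com"},
    "microsoft": {"microsoft.com"},
}

# Link-shortening hosts whose final destination is hidden from the reader
# (illustrative sample, not an exhaustive list).
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}


def registrable_domain(host: str) -> str:
    """Last two labels of a hostname (naive: ignores public suffixes like co.uk)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify_url(url: str) -> str:
    """Return 'shortened', 'impersonation', 'brand-ok' or 'other' for one URL."""
    host = (urlparse(url).hostname or "").lower()
    if not host:
        return "other"
    if host in SHORTENERS:
        # Destination is opaque; expand it in a sandbox before trusting it.
        return "shortened"
    reg = registrable_domain(host)
    for brand, legit in BRAND_DOMAINS.items():
        # A brand token in the hostname served from a foreign registrable
        # domain is the masquerading pattern the report describes.
        if brand in host:
            return "brand-ok" if reg in legit else "impersonation"
    return "other"


def triage(urls):
    """Map each URL to its verdict so analysts can sort the suspicious ones first."""
    return {u: classify_url(u) for u in urls}


# Constructed sample links, not real indicators from the report.
SAMPLE_URLS = [
    "https://play.google.com/store/apps/details?id=com.example.app",
    "http://google-play-store.example-cdn.net/app.apk",
    "https://onedrive-share.example.org/file.apk",
    "https://bit.ly/abc123",
]
```

Run `triage(SAMPLE_URLS)` to see the verdicts; a "shortened" verdict means the link still needs to be expanded before it can be judged.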
In several instances the group used a modified version of the commodity Android malware dubbed "XploitSPY", which is available on GitHub.
While "XploitSPY" is believed to originate from a group of self-described ethical hackers in India, APT36 modified it to create the new malware variant "LazaSpy".
Meta found that in this latest campaign, APT36 had also trojanised unofficial versions of WhatsApp, WeChat and YouTube with another commodity malware family known as Mobzsar or CapraSpy.
"Both malware families have the capability of accessing contact logs, call logs, texts, files, geolocation, device information, photographs, and even the ability to activate microphones," said the report.
Meta also took down brigading networks in India, a large mass-reporting network in Indonesia, and coordinated networks in Greece, India and South Africa that violated the law.
Brigading is a tactic in which groups of people work together to harass individuals on Meta's platforms in an attempt to silence and intimidate them.