Instead of directly sharing malware on the company’s apps, including Instagram and Facebook, Meta said that CyberRoot Risk Advisory group’s activity manifested primarily in social engineering and phishing.
How CyberRoot targeted people?
CyberRoot used fake accounts to create fictitious but credible personas and impersonated journalists, business executives and media personalities to gain trust of their victims. In some cases, the group created profiles that were nearly identical to the victims’ friends and family members, with only slightly changed usernames. Then they attempted to trick people into engaging with those fake accounts.
CyberRoot Risk Advisory Private used a marketing tool called Branch to create, manage and track the delivery of phishing links. Once clicked on, these links then redirected people to spoofed domains within this firm’s large network of malicious websites.
CyberRoot Risk Advisory group “used a very similar playbook as another surveillance-for-hire firm we removed in 2021 named BellTroX” that appears to have ceased operations on the company’s technologies. Citing multiple reports, Meta says that CyberRoot used to support and work with BellTroX in the past.
As part of their phishing campaigns, the group even spoofed domains of major email providers, video conferencing and file sharing tools. These include Gmail, Zoom, Facebook, Dropbox, Yahoo, and OneDrive. The group then used these domains for stealing login credentials to the victims’ online accounts on these services.
“Our investigation found CyberRoot target people around the world, working in a wide range of industries including cosmetic surgery and law firms in Australia, real-estate and investment companies in Russia, private equity firms and pharmaceutical companies in the US, environmental and anti-corruption activists in Angola, gambling entities in the UK, and mining companies in New Zealand,” the company notes in the report.
Meta says that these groups were focused on targeting business executives, lawyers, doctors, activists, journalists and members of the clergy in countries like Kazakhstan, Djibouti, Saudi Arabia, South Africa and Iceland. “Our investigation corroborates the assessment by investigative journalists at Reuters that this group often targeted people involved in litigation, likely on behalf of law firms,” Meta said.
The Mark Zuckerberg-led company says it blocked the group’s domain infrastructure, shared the findings with industry peers and security researchers. It is also taking further steps such as sharing threat indicators “to help inform further research and detection of this malicious activity across the internet.”
900 fake accounts targeted Indians
Meta also claimed that it took down a network of about 900 fake accounts on Instagram and Facebook operated from China. This “unattributed entity” used a wide network of proxies in an attempt to make their accounts appear authentic seemingly by automated posting and friending activity.
“Our investigation found this entity’s scraping activity to focus on people in Myanmar, India, Taiwan, the US, and China, including military personnel, pro-democracy activists, government employees, politicians and journalists,” Meta said.
Data of 500 million WhatsApp users leaked, How to check if you’re WhatsApp data is at risk
For all the latest Technology News Click Here
For the latest news and updates, follow us on Google News.
