Meta, Facebook’s parent company, recently took down two cyberespionage campaigns across its social media platforms. These campaigns were operated by the Bitter APT and Transparent Tribe threat groups. Both groups have been operating out of South Asia.

Bitter APT

  • Bitter APT, also known as T-APT-17, was the first group identified. It targeted organizations in the government, engineering, and energy sectors.
  • The group performed social engineering against targets located in India, the U.K., New Zealand, and Pakistan.
  • It used a combination of compromised sites, URL shortening services, and third-party file hosting providers to deploy malware on target machines.
  • The hackers impersonated activists, journalists, and young women to connect with their victims and trick them.
  • Bitter also used a new Android spyware dubbed Dracarys, which exploits accessibility services.

Transparent Tribe

  • Also known as APT36, Transparent Tribe is less sophisticated than Bitter APT. It leverages social engineering tactics and readily available malware. 
  • Its latest activity targeted people in India, Pakistan, Afghanistan, Saudi Arabia, and the UAE. The campaign mainly focused on human rights activists and military officials.
  • The hackers posed as recruiters for fictitious and legitimate companies, young women, or military personnel.

The bottom line

Social media has become a hotspot for cybercriminals of all kinds. Cyberspies use these platforms to collect intelligence and to lure victims to external sites where they download malware. Users are therefore urged to be cautious when befriending strangers online.
Cyware Publisher