Cyber-espionage campaigns targeting military personnel in South Asia, Meta warns
State-linked hackers in Pakistan have been spying on military personnel in India and the Pakistan Air Force using fake apps and websites to compromise their personal devices, Meta announced on Wednesday.
The espionage campaign is one of three operations in South Asia described in Meta’s quarterly adversarial threat report, alongside activities by the Bahamut and Patchwork advanced persistent threat (APT) groups, all of which appear to have an intelligence-gathering focus. The company did not give the Pakistan-based group a name.
The three operations “relied heavily on social engineering” and saw hacker groups create fake accounts with “elaborate fictitious personas with backstops across the internet so they can withstand scrutiny by their targets, platforms and researchers.”
Meta said while the Pakistan-based group used traditional lures to trick victims — for instance posing as women seeking romantic connections — some of the accounts were pretending to be recruiters, journalists or military personnel.
The company assesses that the focus on socially engineering targets into clicking on malicious links or sharing sensitive information with a fake persona is allowing the Pakistan-based hacking group to avoid investing in developing sophisticated malware.
The researchers found that “cheaper, low-sophistication malware can be highly effective in targeting people when used together with social engineering.”
Some of the custom desktop apps that the hackers had developed were not themselves malicious, but were used to subsequently send malware directly to targets.
The hacking group, which is known in the industry for its use of the GravityRAT spyware — as detailed by Cisco and Kaspersky — has been operational since 2015, said Meta.
Bahamut and Patchwork
Another hacking group known as Bahamut APT was identified targeting people in Pakistan and India, including the Kashmir region, with a particular interest in military personnel, government employees and activists.
It “maintained a range of fictitious personas in an attempt to socially engineer people throughout South Asia into providing information or compromising their mobile devices,” according to Meta, which said it took action against 110 accounts on Facebook and Instagram linked to the hacking group.
It is not known who is behind the Bahamut operation.
May 2023
Source: The Record