Thursday, March 28, 2024

Facebook Takedown Infrastructure of Hacker Groups Targeting Various Government Entities

Bangladesh and Vietnam based hackers were caught by Facebook recently for hacking into its users’ accounts and taking control of the pages. APT32, a Vietnamese group, and an unnamed Bangladeshi group were the groups that had gained unauthorized access to people’s accounts across the social media platform.

The operation from Bangladesh primarily focused on compromising the integrity of accounts across the social media platform and had targeted local activists, journalists, and religious minorities, including those living abroad, whereas the agenda of the Vietnamese group was to spread malware to its targets.

The social media giant’s investigation had traced this activity back to two non-profit organizations in Bangladesh, namely Don’s Team a.k.a Defense Of Nation and CRAF (Crime Research and Analysis Foundation).

The two teams had falsely reported people on the platform for inappropriate content including impersonation, IP infringements, nudity, and terrorism, read the announcement issued by Nathaniel Gleicher, Facebook’s Head of Security Policy, and Mike Dvilyanski, Cyber Threat Intelligence Manager.

The compromised accounts were used for the organisations’ own operational activity including propagating their content. There was atleast one instance where the page’s admin account was compromised and the page was deleted.

To put a stop to this malicious activity, Facebook removed the accounts behind this operation.

APT32 Group

APT32 an advanced persistent threat actor targeted Vietnamese human rights activists locally and those living abroad, various foreign governments including Laos and Cambodia, NGOs, news agencies and a number of other businesses. Facebook’s most recent investigation revealed a host of tactics and techniques including:

  • Social engineering: APT32 created fictitious personas across the internet posing as activists and business entities, or used romantic lures when contacting people they targeted. These efforts often involved creating backstops for these fake personas and fake organizations on other internet services so they appear more legitimate and can withstand scrutiny, including by security researchers. Some of their Pages were designed to lure particular followers for later phishing and malware targeting.
  • Malicious Play Store apps: In addition to using Pages, APT32 lured targets to download Android applications through Google Play Store that had a wide range of permissions to allow broad surveillance of peoples’ devices.
  • Malware propagation: APT32 compromised websites and created their own to include obfuscated malicious javascript as part of their watering hole attack to track targets’ browser information. A watering hole attack is when hackers infect websites frequently visited by intended targets to compromise their devices. As part of this, the group built custom malware capable of detecting the type of operating system a target uses (Windows or Mac) before sending a tailored payload that executes the malicious code. Consistent with this group’s past activity, APT32 also used links to file-sharing services where they hosted malicious files for targets to click and download. Most recently, they used shortened links to deliver malware. Finally, the group relied on Dynamic-Link Library (DLL) side-loading attacks in Microsoft Windows applications. They developed malicious files in exe, rar, rtf and iso formats, and delivered benign Word documents containing malicious links in text.

Facebook has advised all to remain vigilant and take appropriate measures to protect their accounts, including avoid clicking on suspicious links and visiting suspicious websites, and downloading software from untrusted sources.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity, and hacking news updates.

Also Read

The Importance of Cybersecurity in The Post-COVID-19 World

Hackers Using COVID-19 Training Lure to Attack Office 365 Users

Website

Latest articles

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report highlighting...

Wireshark 4.2.4 Released: What’s New!

Wireshark stands as the undisputed leader, offering unparalleled tools for troubleshooting, analysis, development, and...

Zoom Unveils AI-Powered All-In-One AI Work Workplace

Zoom has taken a monumental leap forward by introducing Zoom Workplace, an all-encompassing AI-powered...

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information...

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles