Facebook-parent Meta bans accounts of Indian company for ‘hacking’ – Times of India
Instead of directly sharing malware on the company’s apps, including Instagram and Facebook, Meta said that CyberRoot Risk Advisory group’s activity manifested primarily in social engineering and phishing.
How CyberRoot targeted people
CyberRoot used fake accounts to create fictitious but credible personas and impersonated journalists, business executives and media personalities to gain the trust of their victims. In some cases, the group created profiles that were nearly identical to those of the victims’ friends and family members, with only slightly changed usernames. Then they attempted to trick people into engaging with those fake accounts.
CyberRoot Risk Advisory Private used a marketing tool called Branch to create, manage and track the delivery of phishing links. Once clicked on, these links then redirected people to spoofed domains within this firm’s large network of malicious websites.
CyberRoot Risk Advisory group “used a very similar playbook as another surveillance-for-hire firm we removed in 2021 named BellTroX” that appears to have ceased operations on the company’s technologies. Citing multiple reports, Meta says that CyberRoot used to support and work with BellTroX in the past.
As part of their phishing campaigns, the group even spoofed domains of major email providers, video conferencing and file sharing tools. These include Gmail, Zoom, Facebook, Dropbox, Yahoo, and OneDrive. The group then used these domains for stealing login credentials to the victims’ online accounts on these services.
“Our investigation found CyberRoot target people around the world, working in a wide range of industries including cosmetic surgery and law firms in Australia, real-estate and investment companies in Russia, private equity firms and pharmaceutical companies in the US, environmental and anti-corruption activists in Angola, gambling entities in the UK, and mining companies in New Zealand,” the company notes in the report.
Meta says that these groups were focused on targeting business executives, lawyers, doctors, activists, journalists and members of the clergy in countries like Kazakhstan, Djibouti, Saudi Arabia, South Africa and Iceland. “Our investigation corroborates the assessment by investigative journalists at Reuters that this group often targeted people involved in litigation, likely on behalf of law firms,” Meta said.
The Mark Zuckerberg-led company says it blocked the group’s domain infrastructure and shared the findings with industry peers and security researchers. It is also taking further steps such as sharing threat indicators “to help inform further research and detection of this malicious activity across the internet.”
900 fake accounts targeted Indians
Meta also claimed that it took down a network of about 900 fake accounts on Instagram and Facebook operated from China. This “unattributed entity” used a wide network of proxies in an attempt to make its accounts appear authentic, seemingly through automated posting and friending activity.
“Our investigation found this entity’s scraping activity to focus on people in Myanmar, India, Taiwan, the US, and China, including military personnel, pro-democracy activists, government employees, politicians and journalists,” Meta said.