US-based multinational technology conglomerate, Meta has banned a series of ‘cyber mercenary’ groups and began alerting some 50,000 users likely targeted by the firms accused of spying.
Meta took down 1,500 Facebook and Instagram pages linked to groups with services allegedly ranging from scooping up public information online to using fake personas to build trust with targets or digital snooping via hack attacks.
According to a post from the company, the targets included journalists, dissidents, critics of authoritarian regimes, families of opposition, and human rights activists. The social media giant has started warning about 50,000 people it believes may have been targeted in more than 100 nations by firms.
The Facebook parent said it deleted accounts tied to Cobwebs Technologies, Cognyte, Black Cube and Bluehawk CI, all of which were based or founded in Israel. India-based BellTroX, North Macedonian firm Cytrox, and an unidentified entity in China also saw accounts linked to them removed from the platforms.
“These companies are part of a sprawling industry that provides intrusive software tools and surveillance services indiscriminately to any customer, regardless of who they target or the human rights abuses they might enable,” Meta’s Director of Threat Disruption, Mr. David Agranovich, and Head of Cyber Espionage Investigations, Mr. Mike Dvilyanski, wrote in the post.
Firms selling “Web intelligence services” start the surveillance process by gathering information from publicly available online sources. Cyber mercenaries then set up fake accounts on social media sites to glean information from people’s profiles and even join groups or conversations to learn more, Meta investigators said.
Another tactic is to win a target’s trust on a social network and then trick the person into clicking on a booby-trapped link or file that installs software that can then steal information from whatever device they use to go online. Then the mercenary can steal data from a target’s phone or computer, as well as silently activate microphones, cameras and tracking.
Bluehawk, one of the targeted firms, sells a wide range of surveillance activities, including managing fake accounts to install malicious code, the Meta report said. Some fake accounts linked to Bluehawk posed as journalists from media outlets such as Fox News in the US and La Stampa in Italy.
While Meta was not able to pinpoint who was running the unnamed Chinese operation, it traced “command and control” of the surveillance tool involved to servers that appeared to be used by law enforcement officials in China.