: Meta shuts Pakistan hackers targeting Indian officials via honey trapping, malware #IndiaNEWS #India New Delhi: Meta (formerly Facebook) has cracked down on a cyber espionage operation linked to state-sponsored

Meta shuts Pakistan hackers targeting Indian officials via honey trapping, malware #IndiaNEWS #India
New Delhi: Meta (formerly Facebook) has cracked down on a cyber espionage operation linked to state-sponsored bad actors in Pakistan that targeted people in India, including military personnel and government officials, with various methods like honey trapping and infiltrating their devices with malware.
Apart from India, the group of hackers in Pakistan known in the security industry as APT36 targeted people in Afghanistan, Pakistan, the UAE and Saudi Arabia, according to Metas quarterly Adversarial Threat Report.
Our investigation connected this activity to state-linked actors in Pakistan, Meta said.
The groups activity was persistent and targeted many services across the Internet from email providers to file-hosting services to social media.
APT36 used various malicious tactics to target people online with social engineering to infect their devices with malware. They used a mix of malicious and camouflaged links, and fake apps to distribute their malware targeting Android and Windows-run devices, the social network warned.
APT36 used fictitious personas posing as recruiters for both legitimate and fake companies, military personnel or attractive young women looking to make a romantic connection in an attempt to build trust with the people they targeted.
The group deployed a wide range of tactics, including the use of custom infrastructure, to deliver their malware.
Some of these domains masqueraded as photo-sharing websites or generic app stores, while others spoofed the domains of real companies like the Google Play Store, Microsofts OneDrive, and Google Drive, said the Meta report.
Additionally, this group used common file-sharing services like WeTransfer to host malware for short periods of time.
The Pakistan-based actors also used link-shortening services to disguise malicious URLs.
They used social cards and preview sites online tools used in marketing to customise what image is displayed when a particular URL is shared on social media to mask redirection and ownership of domains APT36 controlled.
APT36 didnt directly share malware on our platforms, but rather used the tactics to share malicious links to sites they controlled and where they hosted malware, said Meta.
In several cases, this group used a modified version of commodity Android malware known as XploitSPY available on Github.
While XploitSPY appears to have been originally developed by a group of self-reported ethical hackers in India, APT36 made modifications to it to produce a new malware variantAcalled LazaSpy.
Meta found that in this recent operation, APT36 had also trojanised (non-official) versions of WhatsApp, WeChat and YouTube with another commodity malware family known as Mobzsar or CapraSpy.