Stopping South Asia APTs
As part of its security response, Meta took down various accounts to disrupt three networks associated with South Asian APTs targeting various users in the region. Specifically, the company took action against about 120 accounts on Facebook and Instagram linked to a low-sophistication hacking group connected to state-linked actors in Pakistan. Meta also removed about 110 accounts on Facebook and Instagram linked to an APT identified as Bahamut that was targeting people in Pakistan and India, including the Kashmir region. Meta also targeted another India-based threat group, Patchwork APT, by taking down about 50 accounts on Facebook and Instagram linked to its activity. The group targeted people in Pakistan, India, Bangladesh, Sri Lanka, the Tibet region, and China.
Identifying Coordinated Inauthentic Behavior (CIB)
Meta has also reacted to geographically dispersed activity on its platforms that it calls coordinated inauthentic behavior (CIB), defined as “coordinated efforts to manipulate public debate for a strategic goal, in which fake accounts are central to the operation.” The company removed hundreds of Facebook accounts, various Pages and Groups, as well as Instagram accounts, depending on the region, for CIB networks that originated and operated in different countries. The bulk of the networks that Facebook removed could be legitimate commercial entities, including an IT company in China, a marketing firm in the United States, and a political marketing consultancy in Africa.
A Broader Whole-of-Society Approach to Security
To prevent this activity and the cyberattacks that stem from it, it is becoming increasingly clear that it is not enough for Meta and other internet companies merely to monitor their own platforms and inform users and businesses of malicious activity. “We’re offering the sort of broader whole-of-society response because compromise often occurs outside of our apps and services,” said Nathaniel Gleicher, head of security policy at Meta. Therefore, as part of its work to combat this activity, Meta also plans to empower businesses with a new tool it will release later this year to help them identify malicious activity as well as malware being used by the threat groups on their platforms.
Recommendations
The persistence of these attackers inspired this wider approach to security by Meta and prompts businesses to be proactive. One of the key pieces of this work is learning from innovation and improving security products with each new disruption. Businesses should increase their awareness of these APT threats and remain vigilant, keeping their software up to date and paying close attention to the social engineering techniques attackers often use to lure employees. It is also essential that businesses make sure their security teams are adequately trained and have the necessary tools and resources to prevent cyberattacks and respond to them if they do occur.