Cyberespionage attacks leveraging fake Facebook and Instagram accounts have been launched by several advanced persistent threat groups against individuals in South Asia, according to The Hacker News.
The discovered cyberespionage campaigns relied primarily on social engineering, a report from Meta showed. Meta reported that it took down 120 Facebook and Instagram accounts used by a Pakistan-based APT operation targeting the Indian military and Pakistani Air Force with the GravityRAT malware. It also disrupted nearly 110 Facebook and Instagram accounts used by Bahamut APT in Android malware attacks against Indian and Pakistani government workers, military, and activists.
Aside from purging 50 Facebook and Instagram accounts that Indian threat operation Patchwork used to compromise targets in India, Pakistan, Sri Lanka, and China, Meta was also able to disrupt six other adversarial networks originating from the U.S., China, Iran, Georgia, Venezuela, Togo, and Burkina Faso.
As part of its latest attacks discovered in June, Tropic Trooper exploited several known Microsoft Exchange Server and Adobe ColdFusion vulnerabilities to distribute an updated China Chopper web shell on a server hosting the Umbraco open-source content management system.
More than 50 Alibaba-hosted command-and-control servers have been leveraged to facilitate the distribution of the backdoor, which impersonates the Java, bash, sshd, SQLite, and edr-agent utilities.
Angola and the Democratic Republic of Congo, which is a new Intellexa client, may have leveraged new Predator infrastructure to enable spyware staging and exploitation, according to an analysis from Recorded Future's Insikt Group.