Meta, the parent company of Facebook, recently uncovered a new social media espionage campaign. Cyber criminals launched social engineering attacks on Facebook and Instagram users by asking them to click on malevolent links, download malware, or share personal details. The campaign was conducted at a high level and remained concealed from many app verification software programs on Apple and Android devices.
Three different threat actors were involved in this campaign, targeting users from South Asian countries such as India, Bangladesh, Pakistan, Maldives, Sri Lanka, Nepal, Bhutan, Afghanistan, and others. Fake accounts created by impersonating beautiful women were taken down, and those who were contacted by criminals in the name of journalists, recruiters, or romance seekers were also taken down.
The threat actors behind the campaign included the Iran-based cyber hacking group Bahamut, Indian threat actor named Patchwork, and two state-funded actors from China. It is unclear why the threat actors focused their campaign on South Asian countries, but some threat analysts say that all the countries targeted were either developing or lowly developed nations, where law enforcement is not much capable of detecting such attacks promptly.
It is important to be cautious when using social media and to avoid clicking on links sent by unknown connections and downloading apps from unofficial web resources. The risks of cyber attacks are real, and it is crucial to stay informed and vigilant to protect personal and sensitive information.