Meta Pulls Down Spyware Network Run By Indian Company With Over 40 Accounts On Instagram, Facebook
Meta has taken down a spyware network run by Indian firm CyberRoot Risk Advisory that had more than 40 accounts on Instagram and Facebook.
Social networking giant Meta has taken down a spyware network run by Indian firm CyberRoot Risk Advisory that had more than 40 accounts on Instagram and Facebook. The surveillance-for-hire company used to lure users globally into phishing and to spy on them for its clients. CyberRoot Risk Advisory was among the most active and persistent groups active online across social platforms owned by Meta as well as other social media intermediaries, Meta noted in its threat report on the surveillance-for-hire industry.
This comes amid Meta's findings on threat research, which show that the global surveillance-for-hire industry continues to grow and indiscriminately target people -- including journalists, activists, litigants and political opposition -- to collect intelligence, manipulate and compromise their devices and
accounts across the internet.
"Indian firm called CyberRoot Risk Advisory Private used a marketing tool called Branch to create, manage and track the delivery of phishing links, likely to obfuscate their origin and take advantage of the benefits provided by commercial marketing services. Once clicked on, these links would then redirect
people to spoofed domains within this firm’s large network of malicious websites," Mike Dvilyanski, Head of Advanced Threat Investigations, Margarita Franklin, Director of Public Affairs, Security and David Agranovich, Director, Threat Disruption at Meta said in a statement.
The Haryana-based company used fake accounts to create fictitious personas tailored to gain trust with the people they targeted globally. To appear more credible, these personas impersonated journalists, business executives and media personalities.
"In some cases, the company also created accounts that were nearly identical to accounts connected to their targets like their friends and family members, with only slightly changed usernames, likely in an attempt to trick people into engaging," Dvilyanski, Franklin and Agranovich explained.
As part of their phishing campaigns, the company also spoofed domains of major email providers, video conferencing and file sharing tools, including Gmail, Zoom, Facebook, Dropbox, Yahoo, OneDrive and targets’ corporate email servers. These domains were used for stealing login credentials to
the victims’ online accounts on these services.
Top Headlines
