Meta Platforms on Thursday revealed it took steps to deplatform seven cyber mercenaries that it said carried out “indiscriminate” targeting of journalists, dissidents, critics of authoritarian regimes, families of opposition, and human rights activists located in over 100 countries, amid mounting scrutiny of surveillance technologies.
To that end, the company said it alerted 50,000 users of Facebook and Instagram that their accounts were spied on by the companies, who offer a variety of services that run the spyware gamut from hacking tools for infiltrating mobile phones to creating fake social media accounts to monitor targets. It also removed 1,500 Facebook and Instagram accounts linked to these firms.
“The global surveillance-for-hire industry targets people across the internet to collect intelligence, manipulate them into revealing information and compromise their devices and accounts,” Meta’s David Agranovich and Mike Dvilyanski said. “These companies are part of a sprawling industry that provides intrusive software tools and surveillance services indiscriminately to any customer.”
Four of the cyber mercenary enterprises — Cobwebs Technologies, Cognyte, Black Cube, and Bluehawk CI — are based in Israel. Also included in the list is an Indian company known as BellTroX, a North Macedonian named Cytrox, and an unknown entity operating out of China that’s believed to have conducted surveillance campaigns focused on minority groups in the Asia-Pacific region.
The social media giant said it observed these commercial players engaging in reconnaissance, engagement, and exploitation activities to further their surveillance objectives. The companies operated a vast network of tools and fictitious personas to profile their targets, establish contact using social engineering tactics and, ultimately, deliver malicious software through phishing campaigns and other techniques that allowed them to access or take control of the devices.
Citizen Lab, in an independent report, disclosed that two Egyptians living in exile had their iPhones compromised in June 2021 using a new spyware called Predator built by Cytrox. In both instances, the hacks were facilitated by sending single-click links to the targets via WhatsApp, with the links sent as images containing URLs.
images from Hacker News