Meta disrupts 8 spyware firms and 3 fake news networks

Meta has identified and interrupted multiple spyware networks and fake news operations spanning several countries, according to the “Q4 2023 Adversarial Threat Report.” This report comes after the company signed the Pall Mall initiative, aiming to combat the growing commercial spyware industry. The report describes how fake news operations, particularly those from Russia, have diminished while commercial surveillance is on the rise, with operators using fake social media accounts to collect information about targets and persuade them to download powerful cross-platform spying tools.

One of the key traits of the current spyware ecosystem noted in the report is the concealment of pseudo-legal vendors behind layered corporate ownership structures. For example, Cy4Gate, an Italian spy-for-hire company, is owned by the defense contractor ELT Group. The company has been observed extracting information about targets via fake social media accounts with AI-generated profile photos, and previously operated a WhatsApp phishing site. It then goaded victims into downloading a Trojanized version of the app for iOS, capable of siphoning photos, emails, SMS, and more. Additionally, Cy4Gate owns another firm called RCS Labs, which targets activists, journalists, and young women in Azerbaijan, Kazakhstan, and Mongolia by impersonating them to gather contact information or lure victims into clicking on malicious links.

Furthermore, spyware customers who are also attackers often utilize multiple tools as part of their attack chain, and surveillance companies commonly use social media platforms as a testing ground for their exploits. Meta observed companies like Variston IT, Mollitiam Industries, Negg Group, and TrueL IT using social media accounts to test the delivery of their spyware.

To defend against these types of companies, Smith recommends that organizations adopt mobile threat defense and mobile app vetting as part of their mobile security strategy to identify and defend against malware, phishing, permissions abuse, and the overall threat landscape of mobile devices irrespective of the operating system.

In addition to the spyware networks, Meta’s report highlighted the takedown of three fake news networks, also known as “coordinated inauthentic behavior” (CIB). One of these networks originated from China and targeted U.S. audiences by posing as anti-war activists and members of American military families, while another came from Myanmar and targeted local citizens. A third cluster operating in Ukraine targeted individuals in both Ukraine and Kazakhstan.

Notably, none of these networks originated in Russia, the leading orchestrator of CIB networks, as posting by Russian state-controlled media has declined significantly. Despite this, the report issued a warning that reputable opinion-makers should exercise caution before amplifying information from unverified sources, particularly ahead of major elections.

Overall, Meta’s report sheds light on the ongoing threat posed by spyware networks and fake news operations, emphasizing the need for enhanced cybersecurity measures and vigilance against disinformation and online manipulation.
