Meta Platforms revealed on Thursday that it has taken steps to deplatform seven cyber mercenaries, saying that they “indiscriminately” target journalists, dissidents, critics of dictatorships, families of opposition members, and human rights activists in more than 100 countries, amid increasingly rigorous scrutiny of surveillance technology.
To this end, the company said it warned 50,000 users of Facebook and Instagram that their accounts were being monitored by these companies, which provide various services that run the spyware gamut, from hacking tools that infiltrate mobile phones to the creation of fake social media accounts to monitor targets. It also deleted 1,500 Facebook and Instagram accounts associated with these companies.
Four of the cyber mercenary companies (Cobwebs Technologies, Cognyte, Black Cube and Bluehawk CI) are located in Israel. The list also includes an Indian company called BellTroX, a North Macedonian company called Cytrox, and an unknown entity operating outside of China that is believed to have carried out surveillance activities against minorities in the Asia-Pacific region.
The social media giant stated that it has observed these commercial actors engaging in reconnaissance, engagement and exploitation activities to further their surveillance goals. These companies operate a huge network of tools and fictitious personas to profile their targets, use social engineering tactics to establish contact, and ultimately deliver malware through phishing campaigns and other techniques that allow them to access or control devices.
Citizen Lab, in an independent report, disclosed that the iPhones of two exiled Egyptians were hacked in June 2021 using the Predator spyware built by Cytrox. In both cases, the hack was facilitated by sending a single-click link to the target via WhatsApp, with the link sent as an image containing the URL.
While the iOS variant of Predator works by running a malicious shortcut automation, the Android samples retrieved from the spyware server can record audio conversations and fetch additional payloads from a remote attacker-controlled domain.
Meta’s David Agranovich and Mike Dvilyanski said: “The goal of the global employment surveillance industry is to gather intelligence through the Internet, manipulate them to leak information and destroy their devices and accounts.” “These companies are part of a huge industry that indiscriminately provides intrusive software tools and monitoring services to any customer.”
In a related development, the U.S. Treasury Department added another eight Chinese companies, including drone manufacturer DJI, Megvii Technology, and Yitu Co., Ltd., to an investment blacklist for “actively cooperating with the [Chinese] government’s efforts to suppress members of ethnic and religious minorities,” including Muslim minorities in Xinjiang Province.
Meta’s full-scale crackdown follows closely on a detailed technical analysis of FORCEDENTRY, the now-patched zero-click iMessage exploit used by the troubled Israeli company NSO Group to monitor journalists, activists, and dissidents around the world.
Google Project Zero (GPZ) researchers Ian Beer and Samuel Groß called it “one of the most technically complex vulnerabilities”. It uses many clever tactics to bypass the BlastDoor protections, which were added to make such attacks more difficult, and take over devices with the Pegasus implant.
Specifically, the GPZ findings point out how FORCEDENTRY exploits a quirk in how iMessage processes GIF images (a vulnerability in the JBIG2 image compression standard used to scan text documents from multifunction printers) to trick the target into opening and loading a malicious PDF without requiring any action from them.
“NSO is just one part of the broader global cyber mercenary industry,” Agranovich and Dvilyanski added.
After the news came to light, the US government imposed economic sanctions on the spyware supplier. This decision prompted the company to consider shutting down its Pegasus division and a possible sale. “Talks have been held with several investment funds on measures including refinancing or direct sales,” Bloomberg said in a report published last week.