Meta acted against APT Groups

Meta has acted against two cyber espionage operations in South Asia namely Bitter APT and APT36, respectively.

In an announcement in its Quarterly Adversarial Threat Report, Second Quarter 2022, published last week it has provided insight into the risks evolved worldwide and across multiple policy violations, particularly those perpetrated by those two hacking groups.

Advertisements

We took action against a group of hackers known as Bitter APT that operated out of South Asia, and targeted people in New Zealand, India, Pakistan and the United Kingdom
Meta report

Meta said that Bitter APT was relatively low in sophistication and operational security, it was persistent and well-resourced. The group would have used various link-shortening services, malicious domains, compromised websites, and third-party hosting providers to distribute their malware.

Bitter would have used a mix of social engineering, an iOS application, an Android malware Meta called Dracarys, and adversarial adaptation.

As for as APT36 concerned, the investigation connected this activity to state-linked actors in Pakistan. It targets people in Afghanistan, India, Pakistan, UAE, and Saudi Arabia, including military personnel, government officials, employees of human rights and other non-profit organizations and students.

Meta said APT36’s TTP were relatively low in sophistication. The group was persistent and targeted several services across the internet, including email providers, file-hosting services, and social media.

APT36 is an example of a global trend, where low-sophistication groups choose to rely on openly available malicious tools, rather than invest in developing or buying sophisticated offensive capabilities.