In the wake of mounting scrutiny of surveillance technologies, Meta Platforms announced on Thursday that it had taken steps to deplatform seven cyber mercenaries who it said targeted journalists, dissidents, critics of authoritarian regimes, opposition families, and human rights activists in over 100 countries “indiscriminately.”
To that end, the company said it notified about 50,000 Facebook and Instagram users that their accounts had been targeted by the organizations, which sell a range of spyware services, from mobile phone hacking tools to the creation of fake social media personas used to watch targets. It also removed 1,500 accounts linked to these companies on Facebook and Instagram.
According to Meta’s David Agranovich and Mike Dvilyanski, “the global surveillance-for-hire sector targets people across the internet to collect intelligence, influence them into exposing information and breach their devices and accounts.” “These businesses are part of a large industry that sells intrusive software.” Cobwebs Technologies, Cognyte, Black Cube, and Bluehawk CI are four of the cyber mercenary companies established in Israel. An Indian firm called BellTroX, a North Macedonian organization Cytrox, and an unknown Chinese entity thought to have launched surveillance activities targeting minority groups in the Asia-Pacific area are also on the list.
These commercial players were detected carrying out reconnaissance, engagement, and exploitation activity in support of their surveillance objectives, according to the social media giant. The organizations used a large network of tools and fake personas to profile their targets, make contact using social engineering techniques, and then deliver malicious software via phishing campaigns and other methods, allowing them to gain access to or control of the victims' devices.
In an independent analysis, Citizen Lab revealed that in June 2021, two Egyptians living in exile had their iPhones hacked using a new piece of spyware dubbed Predator, created by Cytrox. In both cases the hacks were carried out by sending the targets single-click links over WhatsApp, delivered as images containing URLs.
While the iOS variant of Predator works by automating a malicious shortcut fetched from a remote server, the Android samples discovered by Citizen Lab can record audio calls and retrieve additional payloads from a server in a domain controlled by the attacker. The Apple devices were running iOS 14.6, the latest version of the mobile operating system at the time of the hack, demonstrating that a previously unknown exploit against iPhones had been weaponized. It is not yet clear whether Apple has patched the security flaw.
“Targeting a single individual with both Pegasus and Predator underscores that civil society hacking surpasses that of any particular spyware company,” researchers at Citizen Lab said. “Instead, it’s a model that we hope will last as long as autocratic governments can acquire sophisticated hacking technology. In the absence of national and international regulations and safeguards, journalists, human rights defenders, and opposition groups will continue to be attacked for the foreseeable future.” In a related development, the US Treasury Department added eight other Chinese companies – drone maker DJI Technology, Megvii, and Yitu Limited, among others – to its investment blocklist, accusing them of acting to “actively cooperate with [Chinese government] efforts to crack down on members of ethnic and religious minorities,” including Muslim minorities in Xinjiang province.
Meta’s comprehensive crackdown also follows a detailed technical analysis of FORCEDENTRY, the now-patched zero-click iMessage exploit used by Israeli company NSO Group to spy on journalists, activists and dissidents around the world.
Google Project Zero (GPZ) researchers Ian Beer and Samuel Groß call it “one of the most technically sophisticated exploits” they have seen, one that employs several clever tactics to bypass the BlastDoor protections Apple added to make such attacks harder, and to take control of devices in order to install the Pegasus implant.
Specifically, the GPZ findings show how FORCEDENTRY exploited a quirk in iMessage’s GIF handling together with a flaw in the handling of JBIG2 image compression – a standard used for scanning text documents on multifunction printers – to get the target device to open and parse a malicious PDF file without any action on the user's part. “NSO is just one part of a much larger global internet commerce industry,” added Agranovich and Dvilyanski.
Following the revelations, the US government imposed economic sanctions on the spyware vendor, a move that has since prompted the company to consider shutting down its Pegasus unit and potentially selling it. “Discussions have taken place with several hedge funds about moves that include refinancing or an outright sale,” Bloomberg said in a report published last week.