In the second quarter of 2022, Meta Platforms, which runs Facebook, shut down several accounts that were found to be operated by APT36, a Pakistan-backed hacker group that was targeting Indians through bogus accounts.
The social media giant also shut down thousands of accounts that were found to be indulging in targeted harassment on grounds of religion or gender. Facebook released its Quarterly Adversarial Report earlier this week, and India features prominently in it.
The most significant development between April and June 2022 was the action taken against APT36, a hacker group that is also known as Transparent Tribe and Mythic Leopard.
India has been at the top of its list of targets, and The Free Press Journal had on July 18 reported how APT36 was trying to target Indian students and educational institutions through a cyber-espionage campaign. “Our investigation connected this activity to state-linked actors in Pakistan,” Facebook’s report said.
“While this group’s activity was relatively low in sophistication, it was persistent and targeted many services across the internet – from email providers to file-hosting services to social media. APT36 used various malicious tactics to target people online with social engineering to infect their devices with malware.”
The objectives behind APT36’s activities seem to be anything from espionage through honey-trapping or impersonation to malware distribution.
“APT36 didn’t directly share malware on our platforms, but used the above tactics to share malicious links to sites they controlled and where they hosted malware,” Facebook said, adding that similar action was taken against another hacker group, Bitter, which was indulging in similar activities against users from several countries, including India.
Meanwhile, Facebook also took action against a ‘brigading’ network of around 300 accounts. Brigading refers to collectively attacking a single target online through any and all social media platforms that the target is using.
“On our apps, the individuals behind this activity relied on a combination of authentic and duplicate accounts — many of which were disabled for violating our rules against hate speech and harassment by our scaled, automated systems,” Facebook said in its report.
“These accounts would call on others to harass people who posted content that this group deemed offensive to Hindus. The members of this network would then post high volumes of negative comments under the targets’ posts. In response, some people would hide or delete their posts leading to celebratory comments claiming a ‘successful raid’."
Similarly, around 2,000 accounts, pages and groups on Facebook and Instagram, which targeted women through sexual content and harassment, were removed.
“The people behind each cluster of activity used authentic and duplicate accounts to manage Pages and Groups and flock to female users’ accounts with uninvited content, including nudity, sexual solicitation and hate speech. In at least one case, an account targeted at least 700 people,” the report said.