Connect with us

News

Lankans victim of India based cyber espionage?

Published

on

Sri Lanka is among the south Asian nations where people’s data had been harvested by an India-based threat actor dubbed Patchwork, says the Hacker News.

It said that the Meta has uncovered massive social media cyber espionage operations across South Asia, adding that three different threat actors leveraged hundreds of elaborate fictitious personas on Facebook and Instagram to target individuals located in South Asia as part of disparate attacks.

 “Each of these advanced persistent threats (APTs) relied heavily on social engineering to trick people into clicking on malicious links, downloading malware or sharing personal information across the internet,” Guy Rosen, chief information security officer at Meta, said. “This investment in social engineering meant that these threat actors did not have to invest as much on the malware side.”

The fake accounts, in addition to using traditional lures like women looking for a romantic connection, masqueraded as recruiters, journalists, or military personnel.

At least two of the cyber espionage efforts entailed the use of low-sophistication malware with reduced capabilities, likely in an attempt to get past app verification checks established by Apple and Google.

 One of the groups that came under Meta’s radar is a Pakistan-based advanced persistent threat (APT) group that relied on a network of 120 accounts on Facebook and Instagram and rogue apps and websites to infect military personnel in India and among the Pakistan Air Force with GravityRAT under the guise of cloud storage and entertainment apps.

The tech giant also expunged about 110 accounts on Facebook and Instagram linked to an APT identified as Bahamut that targeted activists, government employees, and military staff in India and Pakistan with Android malware published in the Google Play Store. The apps, which posed as secure chat or VPN apps, have since been removed.

Lastly, it purged 50 accounts on Facebook and Instagram tied to an India-based threat actor dubbed Patchwork, which took advantage of malicious apps uploaded to the Play Store to harvest data from victims in Pakistan, India, Bangladesh, Sri Lanka, Tibet, and China.

Also disrupted by meta are six adversarial networks from the U.S., Venezuela, Iran, China, Georgia, Burkina Faso, and Togo that engaged in what it called “coordinated inauthentic behavior” on Facebook and other social media platforms like Twitter, Telegram, YouTube, Medium, TikTok, Blogspot, Reddit, and WordPress.

All these geographically dispersed networks are said to have set up fraudulent news media brands, hacktivist groups, and NGOs to build credibility, with three of them linked to a U.S.-based marketing firm named Predictvia, a political marketing consultancy in Togo known as the Groupe Panafricain pour le Commerce et l’Investissement (GPCI), and Georgia’s Strategic Communications Department.

Two networks that originated from China operated dozens of fraudulent accounts, pages, and groups across Facebook and Instagram to target users in India, Tibet, Taiwan, Japan, and the Uyghur community.

In both instances, Meta said it took down the activities before they could “build an audience” on its services, adding it found associations connecting one network to individuals associated with a Chinese IT firm referred to as Xi’an Tianwendian Network Technology.

The network from Iran, per the social media giant, primarily singled out Israel, Bahrain, and France, corroborating an earlier assessment from Microsoft about Iran’s involvement in the hacking of the French satirical magazine Charlie Hebdo in January 2023.

“The people behind this network used fake accounts to post, like and share their own content to make it appear more popular than it was, as well as to manage Pages and Groups posing as hacktivist teams,” Meta said. “They also liked and shared other people’s posts about cyber security topics, likely to make fake accounts look more credible.”

The disclosure also coincides with a new report from Microsoft, which revealed that Iranian state-aligned actors are increasingly relying on cyber-enabled influence operations to “boost, exaggerate, or compensate for shortcoming in their network access or cyberattack capabilities” since June 2022.

The Iranian government has been linked by Redmond to 24 such operations in 2022, up from seven in 2021, including clusters tracked as Moses Staff, Homeland Justice, Abraham’s Ax, Holy Souls, and DarkBit. Seventeen of the operations have taken place since June 2022.

The Windows maker further said it observed “multiple Iranian actors attempting to use bulk SMS messaging in three cases in the second half of 2022, likely to enhance the amplification and psychological effects of their cyber-influence operations.”

The shift in tactics is also characterized by the rapid exploitation of known security flaws, use of victim websites for command-and-control, and adoption of bespoke implants to avoid detection and steal information from victims.

The operations, which have singled out Israel and the U.S. as a retaliation for allegedly fomenting unrest in the nation, have sought to bolster Palestinian resistance, instigate unrest in Bahrain, and counter the normalization of Arab-Israeli relations.



Continue Reading
Advertisement
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Latest News

Ms. U. L. Mathisha Jinanjalie Jayathilake, appointedto the post of Commissioner, Department of Probation and Child Protection Services

Published

on

By

The Cabinet of Ministers approved the resolution furnished by the Minister of Women and Child Affairs to appoint Ms. U. L. Mathisha Jinanjalie Jayathilake, the officer in Grade I of Sri Lanka Administrative Service to the post of the Commissioner at the Department of Probation and Child Protection Services with immediate effect.

Continue Reading

Latest News

Commander of the Navy pays courtesy call on Speaker of the Parliament

Published

on

By

The Commander of the Navy, Vice Admiral Damian Fernando paid a courtesy call on the Speaker of the Parliament, Dr Jagath Wickramaratne at the Office of the  Speaker, today (7 July
2026).

The meeting marked the Commander of the Navy’s first official interaction with the Speaker following his assumption of command of the Sri Lanka Navy. During the cordial discussion, they exchanged views on the Navy’s role in matters of national importance.

The formal meeting drew to a close with an exchange of mementoes, signifying the importance of the occasion.

Continue Reading

News

Prison mayhem leaves at least 26 dead; five officers killed in revenge violence

Published

on

Police and STF personnel rushing an injured prison officer to an ambulance after yesterday’s clash at the Negombo Prison.

At least 26 people, including five prison officers and 20 inmates, have been confirmed dead following violent unrest at Negombo Prison, hospital sources said yesterday, as authorities struggled to restore full control over the facility.

According to unconfirmed reports the prison officers were killed by rioters yesterday morning,  in retaliation, and weapons carried by those officers were grabbed by them.

Negombo General Hospital Director Consultant Dr. Pushpa Gamlath said nearly 100 injured persons had been admitted, following the clashes, and eight of the critically wounded had been transferred to the National Hospital, in Colombo, for further treatment.

The violence, which initially broke out on Sunday (5) between remand prisoners and convicted inmates, left two inmates dead and 38 others injured before being temporarily brought under control.

However, tensions flared again on Monday (6), with prison officials reporting renewed unrest inside the facility despite earlier assurances that the situation had stabilised.

Police said the initial confrontation was triggered by a dispute linked to the exposure of an alleged drug trafficking network, operating within the prison, and was reportedly orchestrated by a drug trafficker, identified as Suresh, who is said to have links to an underworld figure known as ‘Booru Moona’.

The violence rapidly escalated, with female inmates staging a protest on the Prison roof in support of those involved in the clashes, while relatives gathered outside demanding information on detainees. Police later facilitated visits for selected family members to hospitalised inmates.

The Negombo Prison, which houses around 1,800 remand and convicted inmates, descended into widespread disorder as rival groups clashed, with reports indicating that the violence later spread beyond the initial confrontation.

Authorities said rioting inmates had allegedly seized firearms during the renewed unrest on Monday, prompting heightened security measures.

The Sri Lanka Air Force deployed drones for aerial surveillance and a Bell 412 helicopter to monitor the situation, while additional military personnel were sent to reinforce security around the prison.

Prisons Department spokesperson A.C. Gajanayake said a special investigation team had been appointed, under the direction of the Commissioner General of Prisons, to probe the incident, while a separate police investigation is also underway.

Justice Minister Harshana Nanayakkara told The Island that he had called for a detailed report on the disturbances.

By Norman Palihawadane

Continue Reading

Trending