February 19, 2024 at 08:51AM
Meta Platforms curtailed malicious activity from firms in Italy, Spain, and the U.A.E. operating in surveillance-for-hire. Spyware targeted iOS, Android, and Windows devices, collecting device info, media, and enabling camera and microphone. Accounts in Italy and Spain were involved in social engineering. Meta also acted on coordinated inauthentic behavior from China, Myanmar, and Ukraine. It introduced new features for Messenger and WhatsApp to reduce exploitation. The surveillance industry continues to thrive in unexpected forms, with recent discoveries of surveillance tools like Patternz and MMS Fingerprint. For further updates, follow on Twitter and LinkedIn.
From the meeting notes, the following key takeaways can be identified:
1. Meta Platforms has taken action to curtail malicious activity from eight firms based in Italy, Spain, and the U.A.E. operating in the surveillance-for-hire industry. Their Adversarial Threat Report for the fourth quarter of 2023 revealed that the spyware targeted various devices and had capabilities to access and collect a wide range of sensitive information.
2. The eight companies identified by Meta are Cy4Gate/ELT Group, RCS Labs, IPS Intelligence, Variston IT, TrueL IT, Protect Electronic Systems, Negg Group, and Mollitiam Industries.
3. These firms engaged in scraping, social engineering, and phishing activities targeting platforms such as Facebook, Instagram, X, YouTube, Skype, GitHub, Reddit, Google, LinkedIn, and many others.
4. Accounts associated with some of these companies were used for exploit development and testing, sharing of malicious links, and testing the delivery of spyware targeting Windows, macOS, and Android.
5. Meta also took action against networks from China, Myanmar, and Ukraine exhibiting coordinated inauthentic behavior on Facebook and Instagram.
6. Meta has introduced new features like Control Flow Integrity (CFI) on Messenger for Android and VoIP memory isolation for WhatsApp to make exploitation harder and reduce the overall attack surface.
7. Continuing surveillance industry threats were highlighted, including the unmasking of a surveillance tool called Patternz and a previously unknown mobile network attack known as MMS Fingerprint.
These takeaways summarize the significant points from the meeting and provide a clear understanding of the actions taken by Meta Platforms and ongoing surveillance industry threats.