Hackers for hire: Meta takes down Indian firm’s phishing network


Meta has taken down a network of fake accounts on Facebook and Instagram that were being operated by an Indian firm called CyberRoot Risk Advisory. This network, consisting of around 40 accounts, primarily engaged in social engineering and phishing, often intended to trick people into giving up their credentials to various online accounts across the Internet.

CyberRoot Risk Advisory is the second Indian firm that Meta has cracked down on for allegedly operating fake accounts used in suspected efforts to hack people’s phones, computers and online accounts such as their social media or emails. The firm’s hacking actions were focused on business executives, lawyers, doctors, activists, journalists and members of the clergy in countries like Kazakhstan, Djibouti, Saudi Arabia, South Africa and Iceland.

CyberRoot is part of the global surveillance-for-hire industry that targets people across the internet to collect intelligence, manipulate them into revealing information and compromise their devices and accounts. These firms are part of a sprawling industry that provide intrusive software tools and surveillance services indiscriminately to any customer, and are typically used against opposition politicians, journalists, human rights activists, and rival businesses.

Meta said that since late last year, it has taken action against spyware vendors around the world, including in China, Russia, Israel, the United States and India, who targeted people in about 200 countries and territories.

While Meta did not provide specific information about the expanse of CyberRoot’s activities, it said that the firm used fake accounts to create fictitious personas tailored to gain trust with the people they targeted around the world.

“To appear more credible, these personas impersonated journalists, business executives and media personalities. In some cases, CyberRoot also created accounts that were nearly identical to accounts connected to their targets like their friends and family members, with only slightly changed usernames, likely in an attempt to trick people into engaging,” Meta said in a report Thursday.

The network operated by CyberRoot spoofed domains of major email providers, video conferencing and file sharing tools, including Gmail, Zoom, Facebook, Dropbox, Yahoo, OneDrive and targets’ corporate email servers. These domains were used for stealing login credentials to the victims’ online accounts on these services.

“Our investigation found CyberRoot target people around the world, working in a wide range of industries including cosmetic surgery and law firms in Australia, real-estate and investment companies in Russia, private equity firms and pharmaceutical companies in the US, environmental and anti-corruption activists in Angola, gambling entities in the UK, and mining companies in New Zealand,” Meta said.


Leave a Reply

Your email address will not be published. Required fields are marked *