Meta clamps down on South Asian cyber espionage operations involving Facebook

Meta Platforms signage outside the company's headquarters in Menlo Park, California
(Image credit: Getty Images)

In its adversarial threat report for the second quarter, Meta revealed it’s taken measures against two cyber espionage operations in South Asia targeting Facebook.

Per the report, the operations, linked to Bitter APT and APT36, were directed toward distributing malicious malware under Facebook’s cover.

“We took action against two cyber espionage operations in South Asia. One was linked to a group of hackers known in the security industry as Bitter APT, and the other — APT36 — to state-linked actors in Pakistan,” read the report.

Meta also stated it dismantled a brigading network in India, a mass reporting network in Indonesia, and coordinated violating networks in Greece, India, and South Africa.

Additionally, the firm shared its threat research into an unsuccessful attempt by a troll farm in St. Petersburg, Russia to cause an impression of grassroots support for Russia's invasion of Ukraine on Instagram, Facebook, TikTok, Twitter, and YouTube, among other platforms using fake accounts. Cyber entity “CyberFront Z” and individuals associated with past Internet Research Agency (IRA)-linked activity have been indicated in this new threat activity.

Furthermore, Meta also took down two separate troll farms — one in Malaysia targeted at domestic audiences, and one in Russia targeting global debate about the war in Ukraine, in addition to a network associated with a PR firm in Israel.

“Under our Inauthentic Behavior policy against artificially inflating distribution, we took down tens of thousands of accounts, Pages and Groups around the world,” added Ben Nimmo, global threat Intelligence lead and David Agranovich, director, threat disruption at Meta.

“Our manual investigations around the Philippines election allowed us to build automated enforcement systems to defend against this sort of activity globally and at scale.”