CyberRoot Risk Advisory formed the focus of the latest Meta report on the surveillance-for-hire industry
The people who were the target of CyberRoot Risk Advisory were those involved in litigation, such as business executives, lawyers, activists and journalists
The Indian company used fake accounts to create fake personas to gain the trust of people it targeted around the world
Social media major Meta has removed over 40 Facebook and Instagram accounts of the Indian company CyberRoot Risk Advisory for phishing.
“Rather than directly sharing malware on our apps, this group’s activity manifested primarily in social engineering and phishing, often intended to trick people into giving up their credentials to various online accounts across the internet (e.g. email),” said Meta in its Threat Report on the Surveillance-for-Hire Industry for 2022.
CyberRoot Risk Advisory formed the focus of the latest Meta report on the surveillance-for-hire industry. The company was alleged to be involved in a hacking-for-hire business, serving customers across the world.
According to the Facebook, Instagram and WhatsApp parent, CyberRoot used a similar playbook as one of the companies it highlighted last year, BellTroX. It comes as no surprise that CyberRoot was found to be working with BellTroX in the past, including sharing web infrastructure and even employees.
CyberRoot Risk Advisory: A Network Of Deceit
The Indian company used fake accounts to create fake personas to gain the trust of people it targeted around the world. The company would usually impersonate journalists, business executives and media personalities, according to the Meta report.
“In some cases, CyberRoot also created accounts that were nearly identical to accounts connected to their targets like their friends and family members, with only slightly changed usernames, likely in an attempt to trick people into engaging,” the Meta report said, shedding light on the modus operandi of the company.
CyberRoot also spoofed domains of major email providers, video conferencing and file-sharing tools, such as Gmail, Yahoo, OneDrive, Facebook and Zoom to steal login credentials.
The company targeted people across the world, working across industries like cosmetic surgery and law firms in Australia, real estate and investment companies in Russia, private equity firms and pharma companies in the US, environmental and anti-corruption activists in Angola, gambling entities in the UK and mining companies in New Zealand.
The people who were the target of CyberRoot Risk Advisory were those involved in litigation, such as business executives, lawyers, doctors, activists, journalists and clergy members. The company’s targets spanned across countries like Kazakhstan, Djibouti, Saudi Arabia, South Africa and Iceland.
Talking about the action it has taken on CyberRoot, Meta said, “We blocked this group’s domain infrastructure, shared our findings with our industry peers and security researchers and are sharing threat indicators to help inform further research and detection of this malicious activity across the internet.”
Meta also took down a network of 900 fake Facebook and Instagram accounts operated by an unknown entity in China. The accounts were focused on collecting data from people in Myanmar, India, Taiwan, the US and China, including military personnel, pro-democracy activists, government employees, politicians and journalists.
