Two cyberespionage operations in South Asia disrupted by Meta

Meta, the parent company of Facebook, disrupted two cyberespionage operations that used various online services to distribute malware.

Bitter APT has been targeting entities in the energy, engineering, and government sectors since 2013.

To gain victims’ trust before tricking them into downloading malware, the group has created fictitious personas posing as young women, journalists, or activists.

APT36, also known as Transparent Tribe, Earth Karkaddan, Operation C-Major, PROJECTM, and Mythic Leopard, is the second group of hackers.

To gain trust from potential victims, the APT has created fictitious personas such as recruiters or attractive young women.

They have been observed using link shortening services to conceal their malicious URLs, as well as hosting malware on file-sharing services such as WeTransfer.