Meta Targets 'Cyber Mercenaries' Using Facebook to Spy

Facebook parent Meta says it has targeted a series of companies that use its networks for spying. Chris DELMAS AFP
Facebook parent Meta says it has targeted a series of companies that use its networks for spying. Chris DELMAS AFP
TT
20

Meta Targets 'Cyber Mercenaries' Using Facebook to Spy

Facebook parent Meta says it has targeted a series of companies that use its networks for spying. Chris DELMAS AFP
Facebook parent Meta says it has targeted a series of companies that use its networks for spying. Chris DELMAS AFP

Facebook parent Meta on Thursday banned a series of "cyber mercenary" groups and began alerting some 50,000 people likely targeted by the firms accused of spying on activists, dissidents and journalists worldwide.

Meta took down 1,500 Facebook and Instagram pages linked to groups with services allegedly ranging from scooping up public information online to using fake personas to build trust with targets or digital snooping via hack attacks, AFP reported.

The social media giant also started warning about 50,000 people it believes may have been targeted in more than 100 nations by firms that include several from Israel, which is a leading player in the cyber-surveillance business.

"The surveillance-for-hire industry... looks like indiscriminate targeting on behalf of the highest bidder," Nathaniel Gleicher, head of security policy at Meta, told a press briefing.

The Facebook parent said it deleted accounts tied to Cobwebs Technologies, Cognyte, Black Cube and Bluehawk CI -- all of which were based or founded in Israel.

India-based BellTroX, North Macedonian firm Cytrox and an unidentified entity in China also saw accounts linked to them removed from Meta platforms.

Cytrox was also accused Thursday by researchers at Canadian cybersecurity organization Citizen Lab of developing and selling spyware used to hack Egyptian opposition figure Ayman Nour's phone.

- Unnamed Chinese operation -
"These cyber mercenaries often claim that their services only target criminals and terrorists," said a Meta statement.

"Targeting is in fact indiscriminate and includes journalists, dissidents, critics of authoritarian regimes, families of opposition members and human rights activists," it added. "We have banned them from our services."

Black Cube, in a statement to AFP, denied wrongdoing or even operating in the "cyber world."

"Black Cube works with the world's leading law firms in proving bribery, uncovering corruption, and recovering hundreds of millions in stolen assets," it said, adding the firm ensures it complies with local laws.

Firms selling "web intelligence services" start the surveillance process by gathering information from publicly available online sources such as news reports and Wikipedia.

Cyber mercenaries then set up fake accounts on social media sites to glean information from people's profiles and even join groups or conversations to learn more, Meta investigators said.

Another tactic is to win a target's trust on a social network and then trick the person into clicking on a booby-trapped link or file that installs software that can then steal information from whatever device they use to go online.

With that kind of access, the mercenary can steal data from a target's phone or computer, as well as silently activate microphones, cameras and tracking, according to the Meta team.

Bluehawk, one the targeted firms, sells a wide range of surveillance activities, including managing fake accounts to install malicious code, the Meta report said.

Some fake accounts linked to Bluehawk posed as journalists from media outlets such as Fox News in the United States and La Stampa in Italy, according to Meta.

While Meta was not able to pinpoint who was running the unnamed Chinese operation, it traced "command and control" of the surveillance tool involved to servers that appeared to be used by law enforcement officials in China.



Impostor Uses AI to Impersonate Rubio and Contact Foreign and US Officials

Secretary of State Marco Rubio attends a signing ceremony for a peace agreement between Rwanda and the Democratic Republic of the Congo at the State Department, June 27, 2025, in Washington. (AP Photo/Mark Schiefelbein, File)
Secretary of State Marco Rubio attends a signing ceremony for a peace agreement between Rwanda and the Democratic Republic of the Congo at the State Department, June 27, 2025, in Washington. (AP Photo/Mark Schiefelbein, File)
TT
20

Impostor Uses AI to Impersonate Rubio and Contact Foreign and US Officials

Secretary of State Marco Rubio attends a signing ceremony for a peace agreement between Rwanda and the Democratic Republic of the Congo at the State Department, June 27, 2025, in Washington. (AP Photo/Mark Schiefelbein, File)
Secretary of State Marco Rubio attends a signing ceremony for a peace agreement between Rwanda and the Democratic Republic of the Congo at the State Department, June 27, 2025, in Washington. (AP Photo/Mark Schiefelbein, File)

The State Department is warning US diplomats of attempts to impersonate Secretary of State Marco Rubio and possibly other officials using technology driven by artificial intelligence, according to two senior officials and a cable sent last week to all embassies and consulates.

The warning came after the department discovered that an impostor posing as Rubio had attempted to reach out to at least three foreign ministers, a US senator and a governor, according to the July 3 cable, which was first reported by The Washington Post.

The recipients of the scam messages, which were sent by text, Signal and voice mail, were not identified in the cable, a copy of which was shared with The Associated Press.

“The State Department is aware of this incident and is currently investigating the matter,” it said. “The department takes seriously its responsibility to safeguard its information and continuously takes steps to improve the department’s cybersecurity posture to prevent future incidents.”

It declined to comment further due to “security reasons” and the ongoing investigation.

One of the officials said the hoaxes had been unsuccessful and “not very sophisticated.” Nonetheless, the second official said the department deemed it “prudent” to advise all employees and foreign governments, particularly as efforts by foreign actors to compromise information security increase.

The officials were not authorized to discuss the matter publicly and spoke on condition of anonymity.

“There is no direct cyber threat to the department from this campaign, but information shared with a third party could be exposed if targeted individuals are compromised,” the cable said.

The FBI warned in a public service announcement this past spring of a “malicious text and voice messaging campaign” in which unidentified “malicious actors” have been impersonating senior US government officials.

The scheme, according to the FBI, has relied on text messages and AI-generated voice messages that purport to come from a senior US official and that aim to dupe other government officials as well as the victim’s associates and contacts.

It is the second high-level Trump administration official to face such AI-driven impersonation.

The government was investigating after elected officials, business executives and other prominent figures received messages from someone impersonating President Donald Trump’s chief of staff, Susie Wiles. Text messages and phone calls went out from someone who seemed to have gained access to the contacts in Wiles’ personal cellphone, The Wall Street Journal reported in May.

Some of those who received calls heard a voice that sounded like Wiles, which may have been generated by artificial intelligence, according to the newspaper. The messages and calls were not coming from Wiles’ number, the report said.