These companies work for governments, companies or private clients to track, manipulate and/or hack devices and accounts online. According to Facebook’s parent company Meta, these companies are not very careful about choosing their customers and make their tools and services available to the highest bidder. These cyber mercenaries don’t seem to care who their targets are or what the consequences of their investigations are.
Cyber mercenaries around the world
The seven companies come from Israel, India, North Macedonia and China. But it seems that even more companies are active. Facebook has taken action against the following companies:
| Business | Number of accounts deleted |
| --- | --- |
| Cobweb Technologies (Israel) | 200 |
| Cognyte (Israel) | 100 |
| Black Cube (Israel) | 300 |
| Bluehawk (Israel) | 100 |
| BellTrox (India) | 400 |
| Cytrox (North Macedonia) | 300 |
| Unknown entity (China) | 100 |
According to the research, the companies used Facebook as part of the so-called Surveillance Chain, which consists of three phases: Research (Reconnaissance), Approach (Engagement) and Exploitation. The companies and their services focus on one, several or all phases of the process.
Working method of the cyberspies
In the first phase, research, the digital mercenaries use automated processes to collect data about the victim from all corners of the internet. For example, they create fake profiles on Facebook and use these to map the victim’s network: they join the same Facebook groups and follow the victim’s accounts, likes and pages.
In the second phase, approach, they actually make contact with the victim and the people around them. The purpose of this is to build trust, extract even more information and get them to click on infected links or open infected attachments.
This process employs many of the social engineering tactics that we see cyber criminals and scammers use. They build different fake personas, each with its own background, story and accounts. They eventually use