• CyberRoot impersonated media figures by using false accounts.
• It was directed at law firms and those interested in cosmetic surgery.
• CyberRoot made accounts that were identical to those of their targets' friends and family.

The online giant revealed in a report that over 40 accounts run by an Indian company called CyberRoot Risk Advisory, which is purportedly engaged in hacking-for-hire activities, have been shut down. A network of roughly 900 bogus Instagram and Facebook accounts run out of China by an unidentified entity was also taken down by Meta.

According to the company's Threat Report on the Surveillance-for-Hire Industry published on December 15, these accounts were primarily used to gather information on individuals in Myanmar, India, Taiwan, the US, and China, including military personnel, pro-democracy activists, public servants, politicians, and journalists.  

'We terminated a network of more than 40 personas operated by the Indian business CyberRoot Risk Advisory Private on Facebook and Instagram. Instead of directly disseminating malware through our apps, this group's activity was mostly exhibited through social engineering and phishing, which frequently aimed to con people into disclosing their login information for numerous online accounts across the internet 'stated the report.

 According to Meta, CyberRoot created false identities impersonating journalists, business leaders, and media figures using bogus accounts in order to acquire the trust of the people they targeted around the world. According to the report, CyberRoot occasionally made accounts that were nearly identical to those belonging to their targets' friends and family members, with only slightly altered usernames. This was probably done in an effort to trick users into participating. 

According to Meta, it was discovered that CyberRoot targeted individuals working in a variety of different industries, including law firms and cosmetic surgery clinics in Australia, real estate and investment firms in Russia, private equity firms and pharmaceutical companies in the US, anti-corruption and environmental activists in Angola, gambling establishments in the UK, and mining companies in New Zealand. 

In the US, China, Russia, Israel, the UK, and India, among other countries and territories, spyware was sold to individuals in roughly 200 countries and territories, according to Meta, which stated it is still looking into the matter and taking appropriate action against the violators.