Share to FacebookShare to TwitterShare to Linkedin
A cluster of Italian surveillance firms faced repercussions on Facebook and Instagram as Meta uncovered their utilization of AI-generated profile pictures for about 900 fictitious accounts to monitor journalists and political activists.
The Rome-based companies Cy4Gate and RCS Lab employed artificial intelligence to fabricate profile photos, with some personas masquerading as demonstrators, reporters, and young females. Meta’s recent threat report highlighted the deceptive activities orchestrated by these entities.
In a significant revelation by Forbes in November, RCS Lab was found promoting Gens AI, a tool designed to swiftly create online personas through a user-friendly interface. Following Meta’s notification regarding one such fake account linked to the tool’s promotion, the account was promptly disabled.
Meta’s director of threat disruption, David Agranovich, emphasized the importance of addressing such threats early in the attack process to prevent severe consequences. He underlined the significance of thwarting harmful activities before they escalate to critical stages.
The fake profiles orchestrated social engineering schemes to manipulate targets into clicking on links that could expose their IP addresses. Additionally, these personas circulated Word documents containing concealed IP-revealing codes disguised as news articles or petitions. The objective was to extract sensitive information such as email addresses and phone numbers during the reconnaissance phase of surveillance.
The surveillance targets primarily included journalists, activists, and dissidents from countries like Azerbaijan, Kazakhstan, and Mongolia, hinting at potential government involvement as clients. Previous findings by Google researchers unveiled RCS Lab’s spyware targeting Apple iPhones and Android devices in Italy and Kazakhstan. Cy4Gate’s malware, known as Epeius, exploited three zero-day vulnerabilities in Android devices in 2023, enabling extensive monitoring capabilities ranging from messages to calls to multimedia content.
Meta also addressed the removal of fake accounts associated with another Italian surveillance entity, IPS Intelligence, which utilized AI-generated images to scrape public data on targets across various countries. These covert profiles attempted to lure targets into revealing their IP addresses by enticing them to click on malicious links.
Mike Dvilyanski, Meta’s head of cyber espionage investigations, highlighted the intricate corporate structures established by spyware companies to complicate the attribution of malicious activities. By disrupting the surveillance attack chain at its inception, Meta aims to mitigate the potential harm before it escalates to compromising individuals’ devices and accounts.
