Hackers duped Apple, Meta and other tech firms with forged data requests for user information
India Today
A hacking campaign has come to light in which technology companies such as Apple and Meta were targeted with fake emergency data requests in order to extract user data. Here is all that is known about the campaign so far.
Apple and Meta have reportedly been duped into sharing the data of some of their users with hackers. The companies handed over the data in response to fake emergency data requests in which the hackers posed as law enforcement officials. It is now emerging that such forged emergency requests have been used to extract data from companies for quite some time.
As reported by Bloomberg, Apple and Meta, the parent company of Facebook, provided details such as a user's address, phone number and IP address to the hackers. The information was handed over in mid-2021 in response to the forged requests. While most law enforcement requests for user data are made with a search warrant or subpoena, emergency data requests do not legally require a court order, which is what makes them attractive to forge.
Three people with knowledge of the matter told the publication that Snap Inc., the parent company of Snapchat, and the chat platform Discord also received similar forged requests from the same hackers. It is not yet clear whether these companies, like Apple and Meta, shared user data with the hackers.
According to the report, the hackers who obtained the data from the tech majors used it to run harassment campaigns against the targeted users. Bloomberg's sources also pointed to the possibility of financial fraud schemes built on this data, and noted that details such as a phone number and address could in some cases be used to bypass the victims' account security.
It is believed that hackers associated with a cybercrime group called “Recursion Team” are behind the data extraction attempts. The group apparently sent such fraudulent emergency data requests to technology firms throughout 2021 and is now inactive. Some of its members have reportedly joined Lapsus$, the notorious cybercrime gang responsible for the recent data leaks at a number of companies, including Microsoft and Samsung.
Cybersecurity researchers have also suggested that some of the hackers involved in the forged requests may be the suspected Lapsus$ members in the US and the UK. Experts say the hackers were able to dupe the companies because they had compromised the email domains of law enforcement agencies in multiple countries, so the requests arrived from genuine agency addresses and passed a sender-based check. Access to such compromised domains is readily available to hackers on criminal marketplaces on the dark web.
Signs of this were visible in the forged requests themselves. According to the report, the documents carried "forged signatures of real or fictional law enforcement officers." Discord acknowledged the same in a statement: “While our verification process confirmed that the law enforcement account itself was legitimate, we later learned that it had been compromised by a malicious actor.” The matter is currently under investigation by law enforcement agencies.