How Meta and Apple were hacked via social engineering pretexting technique

A hacking group managed to obtain confidential information about some users after contacting the Apple and Meta support teams while posing as police officers, accessing records such as full names, phone numbers and IP addresses. According to Bloomberg, both companies were attacked in mid-2021, when their employees received what appeared to be Emergency Data Requests.

These requests are legal paperwork that allows law enforcement to obtain certain information about users involved in critical investigations. This type of request does not require a court order, since it is considered urgent and is made in life-or-death situations, so the deceived employees did not hesitate to share the requested information.

This is an example of the attack known as pretexting. Experts note that pretexting is the basis of most social engineering attacks: it consists of creating a fictional scenario or story that leads the victim to hand over confidential information that would not be shared under normal circumstances.

Although both Apple and Meta have repeatedly asserted that they have strict protocols in place to verify the legitimacy of these emergency requests, the threat actors behind this attack managed to evade those verification mechanisms. Cybersecurity specialists suggest that the attackers could have used compromised email accounts belonging to real police officers, which would defeat any check that relies on the sender's domain alone. A recent report by Krebs on Security states that this attack vector is highly effective and that gaining access to online law enforcement accounts appears to be a trivial task for hackers.
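To make the verification problem concrete, the following is an added example of defender-side triage logic for an inbound emergency request; it is not code from the article, Apple or Meta. The agency directory, field names and sample requests are constructed. The point it demonstrates is the one above: a request whose sender domain is genuine and whose mail passes DKIM can still originate from a compromised officer account, so release is held until a human calls a phone number taken from an independent directory, never the number supplied in the request itself.

```python
"""Triage of an inbound Emergency Data Request (EDR).

Added example, not from the article or from Apple/Meta. The directory,
request fields and sample requests below are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class EmergencyDataRequest:
    sender: str            # From: address on the message
    agency_claimed: str    # agency named in the request body
    callback_phone: str    # phone number supplied *inside* the request
    dkim_pass: bool        # did the message pass DKIM for the sender domain?
    case_reference: str    # case identifier quoted in the request


# Constructed directory: agency -> sender domains and switchboard numbers that
# were confirmed through an independent source (not taken from any request).
AGENCY_DIRECTORY = {
    "Example County Police": {
        "domains": {"police.example.gov"},
        "phones": {"+1-555-0100"},
    },
}


@dataclass
class TriageResult:
    status: str                         # "rejected" | "pending_callback" | "released"
    findings: list = field(default_factory=list)
    callback_number: Optional[str] = None  # directory number the analyst must call


def triage(req: EmergencyDataRequest, directory=AGENCY_DIRECTORY) -> TriageResult:
    """Automated checks. Nothing here can grant release on its own."""
    entry = directory.get(req.agency_claimed)
    if entry is None:
        return TriageResult("rejected", ["claimed agency is not in the directory"])

    domain = req.sender.rsplit("@", 1)[-1].lower()
    if domain not in entry["domains"]:
        return TriageResult("rejected",
                            [f"sender domain {domain} does not belong to {req.agency_claimed}"])
    if not req.dkim_pass:
        return TriageResult("rejected", ["message failed DKIM; sender domain is unverified"])

    # A valid domain plus passing DKIM only proves the mail came from the agency's
    # mail system. A compromised officer mailbox satisfies both, so the sender's
    # identity is never treated as proof that the request is genuine.
    findings = []
    directory_number = sorted(entry["phones"])[0]
    if req.callback_phone not in entry["phones"]:
        findings.append("callback number in the request differs from the directory; it is ignored")
    findings.append(f"hold release; confirm case {req.case_reference} by calling {directory_number}")
    return TriageResult("pending_callback", findings, callback_number=directory_number)


def confirm_callback(result: TriageResult, agency_confirmed: bool) -> TriageResult:
    """Second step, performed by a human: the analyst dials result.callback_number
    and records whether the agency confirmed the case reference."""
    if result.status != "pending_callback":
        return result  # earlier hard failure or already decided; nothing to confirm
    if agency_confirmed:
        result.status = "released"
        result.findings.append("agency confirmed the case over the directory number")
    else:
        result.status = "rejected"
        result.findings.append("agency did not recognise the case; treat as suspected pretexting")
    return result


# Constructed sample requests: a spoofed domain, a request from a genuine but
# compromised mailbox carrying an attacker-controlled callback number, and a
# legitimate request.
SPOOFED = EmergencyDataRequest("officer@police-example.com", "Example County Police",
                               "+1-555-0199", True, "EDR-001")
COMPROMISED = EmergencyDataRequest("j.doe@police.example.gov", "Example County Police",
                                   "+1-555-0199", True, "EDR-002")
LEGITIMATE = EmergencyDataRequest("j.doe@police.example.gov", "Example County Police",
                                  "+1-555-0100", True, "EDR-003")


def run_samples() -> dict:
    """Returns the final status of each sample after the callback step."""
    return {
        "spoofed": confirm_callback(triage(SPOOFED), agency_confirmed=False).status,
        # The agency's switchboard has no record of EDR-002, so the callback fails.
        "compromised": confirm_callback(triage(COMPROMISED), agency_confirmed=False).status,
        "legitimate": confirm_callback(triage(LEGITIMATE), agency_confirmed=True).status,
    }


if __name__ == "__main__":
    for name, status in run_samples().items():
        print(f"{name}: {status}")
```

The design choice worth noting is that `triage` can only reject or hold; only `confirm_callback`, fed by a call to the directory number, can release data. That is what closes the gap a compromised officer account opens.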

Meta's security teams have already taken action on the matter. Andy Stone, a spokesman for the company, said: "We have blocked compromised accounts so that they do not make allegedly fraudulent requests in the future."

Preliminary reports indicate that the attack was organized by Recursion Team, a hacking group allegedly made up of teenagers from the United States and the United Kingdom. This amateur hacking group is reported to have disbanded after it was detected.

Other reports indicate that some former members of Recursion Team have joined Lapsus$, a malicious operation responsible for the recent attacks against firms such as NVIDIA, Microsoft, Okta, Samsung and MercadoLibre. A few days ago, British police took into custody several alleged members of Lapsus$, all teenagers under the age of 18.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.