
Meta Take Action Against Two Cyber Espionage Operations in South Africa


Meta said measures have been taken against two cyber espionage operations in South Africa: Bitter APT and APT36. The company made the announcement last Thursday in its quarterly conflict threat report for the second quarter of 2022. In the report, Meta's global head of threat analysis Ben Nimmo and director of threat analysis David Agranovich gave information about the risks that Meta sees on a global scale and many policy violations.

“We have taken action against a group of hackers known in the security industry as Bitter APT, who operate from South Asia and target people in New Zealand, India, Pakistan, and the United Kingdom.” Regarding the operation, Meta said that although the group was relatively weak in terms of the complexity and security of the operation, it was well-equipped and persistent. Bitter used a variety of malicious tactics to target people online through social engineering and infect their devices with malware. The group allegedly used malicious domains, compromised websites, link shortening services, and third-party hosting providers to distribute their malware. In terms of tactics, techniques, and procedures (TTPs), Bitter will probably use a combination of an iOS app, social engineering, meta-malware for Android called Dracarys, and hostile adaptation.

The company said its investigation linked activities related to APT36 to state-related actors in Pakistan. “[Group] military personnel, government officials, human rights defenders, and other non-profit employees and students, including Afghanistan, India, Pakistan, UAE, and Saudi Arabia are the people targeted.” Meta said that APT36 is relatively low in TTP clearance.
