Facebook catches Iranian spies catfishing US military targets

17/07/2021

If you’re a member of the US military who’s gotten friendly Facebook messages from private-sector recruiters for months on end, suggesting a lucrative future in the aerospace or defense contractor industry, Facebook may have some bad news.

On Thursday, the social media giant revealed that it has tracked and at least partially disrupted a long-running Iranian hacking campaign that used Facebook accounts to pose as recruiters, reeling in US targets with convincing social engineering schemes before sending them malware-infected files or tricking them into submitting sensitive credentials to phishing sites. Facebook says that the hackers also pretended to work in the hospitality or medical industries, in journalism, or at NGOs or airlines, sometimes engaging their targets for months with profiles across several different social media platforms. And unlike some previous cases of Iranian state-sponsored social media catfishing that have focused on Iran’s neighbors, this latest campaign appears to have largely targeted Americans, and to a lesser extent UK and European victims.

Facebook says it has removed “fewer than 200” fake profiles from its platforms as a result of the investigation and notified roughly the same number of Facebook users that hackers had targeted them.

“Our investigation found that Facebook was a portion of a much broader espionage operation that targeted people with phishing, social engineering, spoofed websites, and malicious domains across multiple social media platforms, email, and collaboration sites,” David Agranovich, Facebook’s director for threat disruption, said Thursday in a call with press.

Facebook has identified the hackers behind the social engineering campaign as the group known as Tortoiseshell, believed to work on behalf of the Iranian government. The group, which has some loose ties and similarities to other better-known Iranian groups known by the names APT34 or Helix Kitten and APT35 or Charming Kitten, first came to light in 2019. At that time, security firm Symantec spotted the hackers breaching Saudi Arabian IT providers in an apparent supply chain attack designed to infect those providers’ customers with a piece of malware known as Syskit. Facebook has spotted that same malware used in this latest hacking campaign, but with a far broader set of infection techniques and with targets in the US and other Western countries instead of the Middle East.

Tortoiseshell also seems to have opted from the start for social engineering over a supply-chain attack, starting its social media catfishing as early as 2018, according to security firm Mandiant. That includes far more than just Facebook, says Mandiant vice president of threat intelligence John Hultquist. “From some of the very earliest operations, they compensate for really simplistic technical approaches with really complex social media schemes, which is an area where Iran is really adept,” Hultquist says.

In 2019, Cisco’s Talos security division spotted Tortoiseshell running a fake veterans’ site called Hire Military Heroes, designed to trick victims into installing a desktop app on their PC that contained malware. Craig Williams, a director of Talos’ intelligence group, says that fake site and the larger campaign Facebook has identified both show how military personnel trying to find private-sector jobs pose a ripe target for spies. “The problem we have is that veterans transitioning over to the commercial world is a huge industry,” says Williams. “Bad guys can find people who will make mistakes, who will click on things they shouldn’t, who are attracted to certain propositions.”

Facebook warns that the group also spoofed a US Department of Labor site; the company provided a list of the group’s fake domains that impersonated news media sites, versions of YouTube and LiveLeak, and many different variations on Trump family and Trump organization–related URLs.

Facebook says that it has tied the group’s malware samples to a specific Tehran-based IT contractor called Mahak Rayan Afraz, which has previously provided malware to the Iranian Revolutionary Guard Corps, or IRGC—the first tenuous link between the Tortoiseshell group and a government. Symantec noted back in 2019 that the group had also used some software tools spotted in use by Iran’s APT34 hacking group, which has used social media lures across sites like Facebook and LinkedIn for years. Mandiant’s Hultquist says it roughly shares some characteristics with the Iranian group known as APT35, too, which is believed to work in the service of the IRGC. APT35’s history includes using an American defector, military intelligence defense contractor Monica Witt, to gain information about her former colleagues that could be used to target them with social engineering and phishing campaigns.

The threat of Iran-based hacking operations—and particularly, the threat of disruptive cyberattacks from the country—may have appeared to subside as the Biden Administration has reversed course from the Trump administration’s confrontational approach. The 2020 assassination of Iranian military leader Qassem Soleimani in particular led to an uptick in Iranian intrusions that many feared were a precursor to retaliatory cyberattacks that never materialized. President Biden has, by contrast, signaled that he hopes to revive the Obama-era deal that suspended Iran’s nuclear ambitions and eased tensions with the country—a rapprochement that has been rattled by news that Iranian intelligence agents plotted to kidnap an Iranian-American journalist.

But the Facebook campaign shows that Iranian espionage will continue to target the US and its allies, even as the broader political relations improve. “The IRGC are clearly conducting their espionage in the United States,” says Mandiant’s Hultquist. “They’re still up to no good, and they need to be carefully watched.”

This story first appeared on wired.com.
