Pixelette Technologies

Iranian Hackers Conducted an Operation on the US Military

Why has Facebook suspended accounts from its platform?

On Thursday, the social media giant explained that it dismantled three sophisticated online cyberespionage campaigns conducted by Iranian hackers on Facebook, which used fake online identities to target about 200 military personnel and companies in the defense and aerospace sectors across the US, UK, and Europe.

An investigation by Facebook linked the attacks to a group known as Tortoiseshell, previously associated with attacks on the Saudi Arabian technology industry, which used similar tactics in past campaigns.

This suggests an expansion of malicious activity by the threat group.

Facebook's Director of Threat Disruption said:

“This group used various malicious tactics to identify its target audience and infect their devices with malware to enable espionage. This activity had the hallmarks of a well-resourced and continued operation while relying on relatively strong operational security measures to hide who’s behind it.”

Using Facebook as a social engineering vector, the attackers carried out these attacks as part of a large-scale campaign to redirect victims from legitimate domains to rogue websites via malicious links, the company said.

Tortoiseshell supposedly used fictitious personas to contact its targets and engage them for months to build trust, most of them posing as recruiters and aerospace or aviation employees.

Others claimed to work in hospitality, medicine, journalism, NGOs and airlines.

As part of the scheme, fake versions of a US Department of Labor job search site and recruiting sites were used to target individuals in the aerospace and defense industries with the ultimate goal of stealing credentials and siphoning data from their email accounts.

Among other strategies, the threat actors used collaboration tools and messaging platforms to move conversations off-platform, spread malware, and profile their targets' networks to gather information.

In addition to the hardware connected to the devices, software was installed on them to deploy malicious remote access Trojans (RATs), device and network reconnaissance tools, and keystroke loggers.

Facebook added:

“To disrupt this operation, we blocked malicious domains from being shared on our platform, took down the group’s accounts and notified people who we believe were targeted by this threat actor. Around 200 accounts run by the hacking group were removed.”
