On Thursday, the social media giant explained that it had dismantled three sophisticated online cyberespionage campaigns conducted by Iranian hackers on Facebook, which used fake online identities to target about 200 military personnel and companies in the defense and aerospace sectors across the US, UK, and Europe.
Facebook's investigation linked the attacks to Tortoiseshell, a group previously associated with attacks on the Saudi Arabian technology industry, which used similar tactics in past campaigns.
This suggests an expansion of malicious activity by the threat group.
Facebook's Director of Threat Disruption said:
“This group used various malicious tactics to identify its target audience and infect their devices with malware to enable espionage. This activity had the hallmarks of a well-resourced and continued operation while relying on relatively strong operational security measures to hide who’s behind it.”
Using Facebook as a social engineering vector, the bad actors carried out the attacks as part of a large-scale campaign to redirect victims from legitimate domains to rogue websites via malicious links, the company said.
Tortoiseshell supposedly used fictitious personas to contact its targets and engage them for months to build trust, most of them posing as recruiters and aerospace or aviation employees.
Others claimed to work in hospitality, medicine, journalism, NGOs and airlines.
As part of the scheme, fake versions of a US Department of Labor job search site and recruiting sites were used to target individuals in the aerospace and defense industries with the ultimate goal of stealing credentials and siphoning data from their email accounts.
Among other strategies, the threat actors used collaboration tools and messaging platforms to move conversations off-platform, spread malware, and profile the networks to gather information.
Beyond the hardware connected to the devices, software installed on them enabled the deployment of remote access Trojans (RATs), device and network reconnaissance tools, and keystroke loggers.
“To disrupt this operation, we blocked malicious domains from being shared on our platform, took down the group’s accounts and notified people whom we believe were targeted by this threat actor. Around 200 accounts run by the hacking group were removed.”