Facebook says Iran-based hackers used the platform to attack U.S. military personnel

By Elizabeth Culliford

July 15 (Reuters) – Facebook said on Thursday it had taken down some 200 accounts run by a hacking group in Iran as part of a cyberespionage operation aimed primarily at U.S. military personnel and people working at defense and aerospace companies.

The social media giant said the group, dubbed “Tortoiseshell” by security experts, used fake online personas to connect with targets, build trust, sometimes over several months, and steer them to other sites where they were led to click on malicious links that would infect their devices with spying malware.

“This activity had the characteristics of a persistent and well-funded operation, while relying on relatively strong operational security measures to hide who it is,” Facebook’s research team said in a blog post.

The group, Facebook said, created fake profiles on various social media platforms to appear more credible, posing as recruiters or employees of aerospace and defense companies. LinkedIn, owned by Microsoft, said it had removed several accounts, and Twitter said it was “actively investigating” the information in Facebook’s report.

Facebook said the group used messaging and collaboration services to distribute the malware, including via malicious Microsoft Excel spreadsheets. A Microsoft spokesperson said it was aware of and tracking the actor and takes action when it detects malicious activity.

Alphabet Inc said it detected and blocked phishing in Gmail and sent warnings to its users. Workplace messaging app Slack Technologies Inc said it had acted against the hackers who used the site for social engineering and shut down all workspaces that violated its rules.

The hackers also used traditional domain names to lure their targets, Facebook said, including fake recruitment sites for defense companies, and set up online infrastructure that imitated a legitimate job search site for the U.S. Department of Labor.

Facebook said the hackers primarily targeted people in the U.S., as well as some in the UK and Europe. Facebook declined to name the companies whose employees were targeted, but said it had notified the people targeted.

The campaign appeared to show an expansion of the group’s activity, which in the past focused primarily on IT and other industries in the Middle East, Facebook said. The investigation found that some of the malware used by the group was developed by Mahak Rayan Afraz (MRA), a Tehran-based IT company connected to the Islamic Revolutionary Guard Corps. (https://bit.ly/3yVoRtE)

Reuters could not immediately locate contact details for Mahak Rayan Afraz, and former employees of the company did not immediately return messages sent via LinkedIn. The Iranian mission to the United Nations in New York did not immediately respond to a request for comment. (Reporting by Elizabeth Culliford in New York; Additional reporting by Michelle Nichols and Raphael Satter)
