Social network deletes two hundred accounts
“That of a well-funded and persistent operation”
Last updated: July 15, 2021 22:17 TSB
Facebook announced Thursday that it has removed some two hundred accounts controlled by a hacker group in Iran as part of a cyberespionage operation aimed primarily at U.S. military personnel and people who work in defense and aerospace companies.
The social media company said the group, dubbed “Tortoiseshell” by security researchers, used fake online personas to contact targets, build trust (sometimes over several months) and lure them to other sites, where they were led to click on malicious links that would infect their devices with spyware.
“This activity had the characteristics of a persistent and well-funded operation, while relying on relatively strong operational security measures to hide who it is,” Facebook’s research team said in a blog post.
The group, Facebook said, created fake profiles on several social media platforms to appear more credible, posing as recruiters or employees at aerospace and defense companies. LinkedIn, owned by Microsoft, said it had removed several accounts, and Twitter said it was “actively investigating” the information contained in Facebook’s report.
Facebook said the group used email, messaging and collaboration services to distribute the malware, including via malicious Microsoft Excel spreadsheets. A Microsoft spokesperson said the company is aware of and tracks the actor and takes action when it detects malicious activity.
Alphabet Inc said it detected and blocked the phishing in Gmail and sent warnings to its users. Workplace messaging app Slack Technologies Inc said it took action against hackers who used the platform for social engineering and shut down all workspaces that violated its rules.
The hackers also used tailored domain names to lure their targets, Facebook said, including fake recruitment sites for defense companies, and set up online infrastructure that spoofed a legitimate U.S. Department of Labor job search site.
Facebook said the hackers were mainly targeting people in the U.S., as well as some in the UK and Europe, in a campaign that has been ongoing since 2020. It declined to name the companies whose employees were targeted, but its head of cyberespionage, Mike Dvilyanski, said it had notified “less than two hundred people” who were targeted.
The campaign appeared to show an expansion of the group’s activity, which had previously focused primarily on IT and other industries in the Middle East, Facebook said. The investigation found that some of the malware used by the group was developed by Mahak Rayan Afraz (MRA), a Tehran-based IT company connected to the Islamic Revolutionary Guard Corps.
Reuters could not immediately locate contact details for Mahak Rayan Afraz, and the company’s former employees did not immediately respond to messages sent via LinkedIn. Iran’s mission to the United Nations in New York did not immediately respond to a request for comment.
MRA’s alleged link to Iranian state cyberespionage is not new. Last year, cybersecurity firm Recorded Future said MRA was one of several subcontractors suspected of serving the IRGC’s elite Quds Force.
Facebook said it blocked the sharing of the malicious domain names, and Google said it added the same domain names to its “blacklist.”