Facebook says it has unmasked and blocked hackers from Iran who sought to target defense and aerospace personnel in the United States and Europe.
Facebook puts a stop to Iranian hackers
This group of hackers, known as Tortoiseshell, used Facebook to collect information on targets, lure them off the platform, and infect their devices to spy on them. The hackers targeted military personnel and defense and aerospace companies, primarily in the United States and, to a lesser extent, in the United Kingdom and Europe.
“It is difficult for us to know how successful this campaign was, but it had all the characteristics of a well-funded operation,” said Facebook’s head of cyberespionage investigations, Mike Dvilyanski.
The social network was one element of a much larger cross-platform cyber espionage operation, Facebook said. On the platform itself, the hackers used various tactics, such as deploying sophisticated fake online personas to contact targets and build enough trust to get them to click on malicious links. The hackers pretended to be recruiters, defense company employees, and even journalists or hotel staff.
The hackers created domain names and websites that impersonated official sites, such as a US Department of Labor job search site. They also used custom malware unique to their operations, which Facebook said was found to have indirect links to the Revolutionary Guards in Iran. The malware was installed on victims’ devices and was designed to collect information, including login credentials for work email or social networks.
Blocking of many accounts
According to Facebook, some of this malware was developed by Tehran-based tech company Mahak Rayan Afraz (MRA), which has ties to the Revolutionary Guard Corps, the ideological army of the Islamic Republic of Iran. “We have no evidence that Tortoiseshell is directly linked to a government, but as far as I know this is the first time that the group’s malicious code has been publicly attributed to a company with links to the Revolutionary Guards,” said Mike Dvilyanski.
In the end, Facebook blocked some 200 accounts that were used to trick targets and invite them to connect outside the social network on spurious sites. A little under 200 users fell victim to this subterfuge, and Facebook has warned them. Facebook has also shared its findings with its partners on the Internet, as well as with the authorities.