They impersonated recruiters or employees of aerospace and defense companies. They led their victims to websites that infected devices with malware.
On Thursday, Facebook said it had removed about 2,200 accounts run by a hacking group in Iran as part of a cyber-espionage operation that targeted US military personnel and defense and aerospace companies. The perpetrators have been targeted.
The social media company says the group, dubbed "Tortoiseshell" by security experts, used fake identities to connect with targets, build trust over months and take them to other sites that infected their devices with spyware.
"This activity has the characteristics of a good performance and permanent operation while relying on relatively strong operational security measures to hide who was behind it," Facebook's research team said in a post.
According to Facebook, the group created fake profiles on various social media platforms to appear more credible, often posing as recruiters or employees of aerospace and defense companies.
LinkedIn, which Microsoft owns, said it had deleted several accounts, and Twitter said it was "actively investigating" the information in the Facebook report.
Facebook said the group used email and messaging services to distribute malware via Microsoft Excel spreadsheets. A Microsoft spokesperson said that the company was aware of this and was tracking it, and that it takes action when it detects malicious activity.
Alphabet Inc's Google said it had detected and blocked phishing on Gmail and issued warnings to its users.
Workplace messaging app Slack Technologies Inc. said it had cracked down on hackers who had used the site for social engineering and shut down all workspaces that violated its rules.
Facebook said the hackers also used tailored domains to lure their targets, including fake recruitment websites for defense companies, and set up online infrastructure that copied a legitimate job search site for the U.S. Department of Labor.
Facebook said the hackers primarily targeted people in the United States, and some in the United Kingdom and Europe, in a campaign that has run since mid-2020. Facebook's head of cyber espionage, Mike Dvilyanski, said the company was notifying the "less than 200 individuals" who were attacked.
The campaign appears to show an expansion of the group's activity, which had previously been concentrated mostly on the IT sector and other industries in the Middle East, Facebook said. The investigation found that some of the malware used by the group was developed by Mahak Rayan Afraz (MRA), a Tehran-based computer company linked to the Islamic Revolutionary Guard Corps.