Facebook Caught Iranian Spies

Facebook Spies Targeted US

23 July 2021, Kathmandu

Facebook revealed that it tracked and partly disrupted a cyber espionage campaign launched by Iranian hackers, collectively known as Tortoiseshell or Imperial Kitten.

On Thursday, Facebook said that it had taken down about 200 accounts run by a group of hackers in Iran as part of a cyber spying operation that targeted mostly US military personnel and people working at defense and aerospace companies.

The hackers impersonated recruiters to lure U.S. targets with compelling social engineering schemes, either sending malware-laced files or deceiving victims into submitting credentials to phishing sites. The attackers also posed as personnel from the hospitality and medical sectors, NGOs, and airlines. Though the campaign has mostly targeted U.S. citizens, a few European victims have also been affected.

Facebook said the hackers mostly targeted people in the US, as well as some in the UK and Europe, during a campaign running since mid-2020. It declined to name the businesses whose employees were targeted, but its head of cyber espionage Mike Dvilyanski said it had been notifying the “fewer than 200 individuals” who were targeted.

About the campaign

The group recently drew attention for targeting IT providers in the Middle East in a possible supply chain attack.
• This campaign appears to be an extension of the threat actor’s activities into regions other than the Middle East.
• The malware was partly developed by Mahak Rayan Afraz (MRA), an IT firm in Tehran linked to the IRGC, according to research done by analysts.
• The campaign was persistent and well-resourced, and relied on robust operational security measures to obscure the responsible actor.
• The TTPs employed included social engineering, phishing and credential theft, malware deployment, and outsourced malware development.

Iran’s mission to the United Nations in New York did not immediately respond to a request for comment. Iranian state cyber espionage and its alleged connection with MRA are not new. Last year, the cybersecurity company Recorded Future said MRA was one of several contractors suspected of serving the IRGC’s elite Quds Force.

The bottom line

Facebook has blocked the malicious domains from being shared, and Google has added them to its blocklist. This campaign indicates that Iranian cyber espionage will continue to aim at sensitive targets. State-backed hackers are up to no good, and defenses have got to be cranked up.

