Posing as recruiters or industry colleagues, hackers persuaded victims to visit malicious websites that mimicked familiar domains. Facebook says it has disrupted this sophisticated and highly targeted campaign, which it attributes to a group of experts linked to the Iranian government.
The group, known as “Tortoiseshell”, used Facebook and other social networks to persuade military personnel and people working in the defense and aerospace industries to download custom malware that spied on victims and stole their data, Facebook wrote in a blog post.
“This campaign was very targeted, and the group has invested time in these fake personalities and understanding the targets,” Mike Dvilyanski, Facebook’s head of cyber espionage investigations, told reporters.
Facebook’s security team found that some of the hackers’ malware was developed in Iran by the IT company Mahak Rayan Afraz, which is affiliated with the Islamic Revolutionary Guard Corps. “As far as I know, this is the first public attribution of the group’s malware to a supplier or front company affiliated with the Revolutionary Guard,” said Dvilyanski.
Tortoiseshell has traditionally targeted Middle Eastern IT companies. According to Dvilyanski, however, in 2020 the group shifted to aerospace and defense companies, mainly in the United States but also in Europe and Britain. Notably, the campaign targeted fewer than 200 people.
Posing as recruiters or industry professionals, the hackers persuaded victims to visit malicious websites that mimicked familiar domains. Some were aimed at defense companies, while one impersonated a job-search site of the U.S. Department of Labor. Other sites mimicked email platforms to collect victims’ login credentials. In some cases, the hackers had been talking to their targets for months.
Many of the malicious sites collected information about the victims’ computers, which allowed the hackers to deliver malware tailored to each victim, Facebook said. Tortoiseshell is known for developing its own malware, including remote access trojans and keyloggers. In the most recent campaign, the malware was sometimes delivered inside Microsoft Excel spreadsheets.
Facebook said the hackers occasionally used previously unseen malware that stored the results of their reconnaissance in a hidden part of an Excel spreadsheet. Facebook believes the intruders planned to trick their target into “saving and returning the file.”
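The report describes reconnaissance data parked in a hidden part of a spreadsheet and malware carried in Excel files. A defender triaging such attachments can check the document structure directly: an .xlsx or .xlsm file is a zip archive, sheet visibility is declared in `xl/workbook.xml` (a `state` attribute of `hidden` or `veryHidden` on each `<sheet>`), and a macro project ships as the part `xl/vbaProject.bin`. The script below is an added example written for this article, not code from Facebook’s report or from the malware it describes; it builds a constructed sample workbook in memory (only the parts the check reads, so it is not a complete Excel-openable file) and reports sheets that are not visible plus whether a VBA part is present.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# Namespaces and part names defined by the OOXML spreadsheet format.
SHEETML_NS = "http://schemas.openxmlformats.org/spreadsheetml/2006/main"
REL_NS = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
VBA_PART = "xl/vbaProject.bin"  # part name Excel uses for a macro project


def build_sample_workbook(sheets, with_macro_part=False):
    """Build a minimal in-memory .xlsx for testing (constructed sample, not a real document).

    `sheets` is a list of (name, state) tuples; state is None (visible),
    'hidden' or 'veryHidden'. Only xl/workbook.xml (and optionally a
    placeholder VBA part) is written, which is all the triage function reads.
    """
    sheet_tags = []
    for i, (name, state) in enumerate(sheets, start=1):
        state_attr = f' state="{state}"' if state else ""
        sheet_tags.append(
            f'<sheet name="{name}" sheetId="{i}"{state_attr} r:id="rId{i}"/>'
        )
    workbook_xml = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        f'<workbook xmlns="{SHEETML_NS}" xmlns:r="{REL_NS}">'
        f'<sheets>{"".join(sheet_tags)}</sheets></workbook>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("xl/workbook.xml", workbook_xml)
        if with_macro_part:
            # Constructed placeholder bytes; not a real VBA project.
            zf.writestr(VBA_PART, b"\x00placeholder")
    return buf.getvalue()


def triage_workbook(xlsx_bytes):
    """Return the non-visible sheets and whether a VBA part is present in an OOXML workbook."""
    report = {"hidden_sheets": [], "very_hidden_sheets": [], "has_vba_project": False}
    with zipfile.ZipFile(io.BytesIO(xlsx_bytes)) as zf:
        names = set(zf.namelist())
        if "xl/workbook.xml" not in names:
            raise ValueError("not an OOXML spreadsheet: xl/workbook.xml missing")
        report["has_vba_project"] = VBA_PART in names
        root = ET.fromstring(zf.read("xl/workbook.xml"))
    # Each <sheet> may carry state="hidden" or state="veryHidden"; absent means visible.
    for sheet in root.iter(f"{{{SHEETML_NS}}}sheet"):
        state = sheet.get("state", "visible")
        if state == "hidden":
            report["hidden_sheets"].append(sheet.get("name"))
        elif state == "veryHidden":
            report["very_hidden_sheets"].append(sheet.get("name"))
    return report


def is_suspicious(report):
    """Flag workbooks with a veryHidden sheet or an embedded VBA project for manual review."""
    return bool(report["very_hidden_sheets"]) or report["has_vba_project"]


if __name__ == "__main__":
    sample = build_sample_workbook(
        [("Summary", None), ("Notes", "hidden"), ("host_info", "veryHidden")],
        with_macro_part=True,
    )
    result = triage_workbook(sample)
    print(result, "suspicious" if is_suspicious(result) else "clean")
```

Ordinary hidden sheets are common in legitimate workbooks, so the check only escalates on `veryHidden`, a state the Excel user interface does not offer and which is normally set through the object model or VBA, and on the presence of a macro project. Sheet names such as `host_info` in the sample are constructed for illustration.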
After removing the hackers’ accounts and blocking their malicious links from being shared, Facebook notified the people it believes were targeted and shared technical indicators with industry partners and law enforcement.