The latest news shared by one of the social media giants – Facebook, states that the company had suspended the accounts of 200 Iranian hackers who had been running a cyber-spying operation against people working for the U.S. military and defense and aerospace companies’ employees.
The group named “Tortoiseshell” by security experts used fake online personalities as a way to connect with targets. They implemented vicious strategies to build trust and then prompted targets to visit malicious links that infect machines with spying malware.
Multiple Social Media Platforms Part of the Operation
To appear more credible, hackers pretended to be recruiters or representatives from credible aerospace and defense companies. They further made fictitious profiles across multiple social media platforms including LinkedIn and Twitter. Twitter said it was “actively investigating” the information in Facebook’s report while LinkedIn reported the removal of a number of accounts.
The malware was also distributed via malicious Microsoft Excel spreadsheets and phishing campaigns on Gmail. The workplace messaging app Slack informed that it had taken actions to take down hackers’ accounts that were misused for social engineering and other vicious activities that violated its services.
An Operation in Action Since Mid of 2020
A whole set of technologies was reported to be used by the Iran hacking group “Tortoiseshell” including fake recruiting websites for defense companies, and a whole online infrastructure masqueraded as a legitimate job platform for the US Department of Labor. In addition,
The campaign appeared to show an expansion of the group’s activity, which had previously been reported to concentrate mostly on the I.T. and other industries in the Middle East, Facebook said
.
Facebook said the hackers mostly targeted people in the United States, but victims were found in the United Kingdom and Europe as well. The vast cyber-spying campaign had been running since mid-2020.
This is not the first time when the social media giant Facebook is abused by cyber criminals. Lately, we have reported another case where the phone numbers of millions of Facebook users were scraped from people’s profiles by malicious actors.
In conclusion to the current case, Facebook said it had blocked the malicious domains that were shared by hackers and Google informed it had added the domains to its “blocklist.”
Gergana Ivanova
Highly motivated writer with 5+ years of experience writing for ransomware, malware, adware, PUPs, and other cybersecurity-related issues. As a writer, I strive to create content that is based on thorough technical research. I find joy in the process of creating articles that are easy to understand, informative, and useful. Follow me on Twitter (@IRGergana) for the latest in the field of computer, mobile, and online security.
Follow Me: