Facebook Catches Iranian Spies Catfishing US Military Targets

By Sita Baral. Published 3 years ago. 4 min read.

If you're a member of the US Army who became Facebook friends with a private-sector recruiter after months of pleasant messages hinting at a lucrative future in the aerospace or defense industries, Facebook has some bad news. Facebook says that it removed fewer than 200 fake profiles from its platform after an investigation and told the same number of Facebook users that hackers were targeting them.

On Thursday, the social media giant revealed that it has tracked, or at least disrupted, a long-standing Iranian hacking campaign that used Facebook accounts posing as recruiters to reel in US targets with convincing social engineering schemes, sending them malware-infected files or tricking them into submitting sensitive credentials to phishing websites. Facebook said that in the course of the investigation it removed fewer than 200 fake profiles from its platform and informed the same number of its users that hackers had targeted them.

The social media giant identified the hackers as a group called Tortoiseshell, which is believed to be working for the Iranian government.

Facebook said the hackers claimed to work in the hospitality or medical industries, journalism, NGOs, or airlines, and engaged their targets for months through profiles on various social media platforms, including Facebook.

While previous cases of state-sponsored catfishing on social media focused on Iran's neighbors, the latest campaign appears to focus on Americans and, to a lesser extent, on British and European victims.

The catfishing on social media goes beyond Facebook, said John Hultquist, vice president of threat intelligence at security firm Mandiant. Craig Williams, the Talos intelligence group director, said that the fake veterans' website called Hire a Military Hero was meant to trick victims into installing a desktop app containing malware on their PCs, and that the larger campaign Facebook has identified shows that military personnel trying to find jobs in the private sector are a ready target for spies.

In 2019, Cisco's Talos security division discovered Tortoiseshell running a fake veterans' website called Hire a Military Hero, designed to trick victims into installing a desktop app on their PCs that contained malware. Later in the campaign, Facebook warned Talos Intelligence Group about a secret part of the US Labor website during the election campaign and provided a list of Talos fake domains consisting of a variety of URLs related to news media websites, YouTube, and a living version of a URL related to the Trump family and the Trump Organization.

The group's catfishing on social media showed "excesses beyond FB," said John Hultquist, Mandiant's vice president of threat intelligence. Moments later, the security firm Symantec noticed that the hackers had infiltrated Saudi IT suppliers in an apparent supply-chain attack aimed at infecting the suppliers' customers with malware.

Facebook noted that the malware, commonly known as Syskit, has a wide range of infection methods and targets the US and various Western nations rather than the Middle East. Features are on the way, and that includes using Facebook more consciously, says John Hultquist, Mandiant's vice president of threat intelligence.
