Facebook catches Iranian spies catfishing US military targets




If you are a member of the U.S. military who has received friendly Facebook messages from private sector recruiters for months, suggesting a lucrative future in the aerospace or defense industry, Facebook could have bad news.

On Thursday, the social media giant revealed it had tracked and at least partially disrupted a long-standing Iranian hacking campaign that used Facebook accounts to masquerade as recruiters, luring US targets with social engineering schemes before sending them files or tricking them into submitting sensitive credentials to phishing sites. Facebook says the hackers also claimed to work in the hospitality or medical industry, journalism, NGOs, or airlines, sometimes engaging their targets for months with profiles on several different social media platforms. And unlike some previous cases of Iranian state-sponsored social media catfishing that have focused on Iran’s neighbors, this latest campaign appears to have largely targeted Americans and, to a lesser extent, British and European victims.

Facebook says it removed “less than 200” fake profiles from its platforms as a result of the investigation and notified roughly the same number of Facebook users that hackers targeted them. “Our investigation revealed that Facebook was part of a much larger spy operation that targeted people with phishing, social engineering, spoofed websites and malicious domains on multiple social media platforms, emails and collaboration sites,” David Agranovich, director of threat disruption at Facebook, said Thursday in a press call.

Facebook identified the hackers behind the social engineering campaign as the group known as Tortoiseshell, believed to be working on behalf of the Iranian government. The group, which has loose ties and similarities to other, better-known Iranian groups such as APT34 (Helix Kitten) and APT35 (Charming Kitten), was first revealed in 2019. At that time, security firm Symantec spotted the hackers targeting Saudi Arabian IT vendors in an apparent supply chain attack designed to infect the vendors’ customers with malware called Syskit. Facebook spotted the same malware used in this latest hacking campaign, but with a much broader set of infection techniques and with targets in the United States and other Western countries instead of the Middle East.

Tortoiseshell also appears to have opted for social engineering over a supply chain attack from the start, starting its social media catfishing as early as 2018, according to security firm Mandiant. This includes much more than Facebook, says John Hultquist, Mandiant’s vice president of threat intelligence. “From some of the very early operations, they’ve been compensating for really simplistic technical approaches with really complex social media schemes, which is an area where Iran is really good at,” Hultquist said.

In 2019, Cisco’s Talos security division spotted Tortoiseshell running a fake veterans’ site called Hire Military Heroes, designed to trick victims into installing a desktop app on their PC that contained malware. Craig Williams, director of the Talos intelligence group, says this bogus site and the larger campaign Facebook has identified both show how military personnel trying to find jobs in the private sector are ideal targets for spies. “The problem we have is that the veterans making the transition to the commercial world are a huge industry,” says Williams. “Bad guys can find people who will make mistakes, who click on things they shouldn’t, who are drawn to certain propositions.”

Facebook warns that the group also spoofed a US Department of Labor site; the company provided a list of the group’s fake domains that mimicked news media sites, versions of YouTube and LiveLeak, as well as many variations of URLs related to the Trump family and the Trump Organization.
