Iranian hackers used site to target military personnel in US, UK and Europe, says Facebook

US tech giant Facebook said it has blocked 200 accounts operated by hackers in Iran linked to espionage operations which targeted western military, defence and aerospace personnel while using its platform

The social networking site said Iranian hackers known as Tortoiseshell used various malicious tactics to identify their targets and infect their devices with malware to enable espionage.

Watch:

Add WION as a Preferred Source

"This activity had the hallmarks of a well-resourced and persistent operation," Facebook said, adding, "Tortoiseshell deployed sophisticated fake online personas to contact its targets, build trust and trick them into clicking on malicious links."

The hackers used "fictitious personas" across multiple social media platforms to make them appear more credible, it said. The accounts posed as recruiters and employees of defence and aerospace companies.

The group created "tailored domains" to target aerospace and defence industries, Facebook revealed. They also spoofed domains of major email providers and mimicked URL-shortening services to conceal the final destination of the links.

The group used custom malware tools including full-featured remote-access trojans, device and network reconnaissance tools and keystroke loggers, it said.

Facebook said parts of malware was developed by Mahak Rayan Afraz (MRA), an IT company in Tehran with ties to the Islamic Revolutionary Guard Corps (IRGC).

Some personnel also claimed to work for hospitality, medicine, journalism, NGOs and airlines and leveraged various collaboration and messaging platforms to move conversations off-platform and send malware to their targets.

The hackers sometimes engaged their targets for months, Facebook said.

Facebook said the hackers targetedmilitary personnel and companies in the defense and aerospace industries primarily in the US, and to a lesser extent in the UK and Europe.

(With inputs from Agencies)