Iranian hackers used site to target military personnel in US, UK and Europe, says Facebook

WION Web Team
San Francisco, United States | Updated: Jul 16, 2021, 12:27 AM IST


Story highlights

Facebook said the Iranian hackers used malware to target and infect devices and used "fictitious personas" across multiple social media platforms

US tech giant Facebook said it has blocked 200 accounts operated by hackers in Iran linked to espionage operations which targeted western military, defence and aerospace personnel while using its platform.

The social networking site said Iranian hackers known as Tortoiseshell used various malicious tactics to identify their targets and infect their devices with malware to enable espionage.

"This activity had the hallmarks of a well-resourced and persistent operation," Facebook said, adding, "Tortoiseshell deployed sophisticated fake online personas to contact its targets, build trust and trick them into clicking on malicious links."


The hackers used "fictitious personas" across multiple social media platforms to make them appear more credible, it said. The accounts posed as recruiters and employees of defence and aerospace companies.

The group created "tailored domains" to target aerospace and defence industries, Facebook revealed. They also spoofed domains of major email providers and mimicked URL-shortening services to conceal the final destination of the links.

The group used custom malware tools including full-featured remote-access trojans, device and network reconnaissance tools and keystroke loggers, it said.

Facebook said parts of the malware were developed by Mahak Rayan Afraz (MRA), an IT company in Tehran with ties to the Islamic Revolutionary Guard Corps (IRGC).

Some personas also claimed to work for hospitality, medicine, journalism, NGOs and airlines and leveraged various collaboration and messaging platforms to move conversations off-platform and send malware to their targets.

The hackers sometimes engaged their targets for months, Facebook said.

"The group created a set of tailored domains designed to attract particular targets within the aerospace and defence industries. Among them were fake recruiting websites for particular defence companies," Facebook revealed.

Facebook said the hackers targeted military personnel and companies in the defence and aerospace industries primarily in the US, and to a lesser extent in the UK and Europe.

(With inputs from Agencies)