Iranian Hackers Used Facebook to Lure US Military Members

A hacker breaking into Facebook. (Reuters)

Iranian hackers used Facebook to create elaborate fake personas with the purpose of getting Americans in the military, defense, and aerospace industries to fall for phishing schemes so that the hackers could access personal and classified information, Facebook said on Thursday.

The hackers also targeted defense personnel in the U.K. and Europe.

The Iranian spying campaign began last year. Facebook took down “fewer than 200 operational accounts”, according to Mike Dvilyanski, Facebook’s head of cyber-espionage investigations.

This is another attack on the U.S., but this time Iran targeted the military and defense industry rather than infrastructure or large corporations.

Facebook reported that the group, dubbed ‘Tortoiseshell’ by cybersecurity experts, used fake online personas, posing as legitimate defense or aerospace contractors to connect and build trust with members. They would then trick targets into visiting other sites, which contained links that would infect their devices with spying malware.

Hackers assigned to the Iranian Revolutionary Guard Corps. (Iranian military)

“This activity had the hallmarks of a well-resourced and persistent operation while relying on relatively strong operational security measures to hide who’s behind it,” Facebook’s investigations team said in a release on their blog.

“Our investigation found that this group invested significant time into their social engineering efforts across the internet, in some cases engaging with their targets for months,” Facebook added.

The Iranians created “catfish” fake personas that were “designed to look like things people would engage with,” said Dvilyanski. Some of the personas included “attractive young women posing as professionals, sometimes pretending to be recruiters for particular companies or industries.”

The Iranian Hackers’ Link to the Revolutionary Guard Corps

Once the hackers had access to a target’s device, they would share more files, such as fake Microsoft Excel spreadsheets, that contained malicious software. This allowed the hackers to collect even more information, Facebook said.

The malware was most definitely not an “off-the-shelf” product, said Dvilyanski. This means that the hackers were well-supported. Facebook learned that the malicious software had been designed by Mahak Rayan Afraz, a Tehran-based software firm linked to Iran’s Islamic Revolutionary Guard Corps (IRGC).

Dvilyanski said in a media conference call that Facebook’s cybersecurity group is “confident” of the connection between some of the malware used in the campaign and Mahak Rayan Afraz, and the link to the IRGC.

A number of the firm’s current and former executives are also connected to other companies under U.S. sanctions, according to the Facebook blog post.

When pressed by international media, Iran’s mission to the United Nations didn’t respond or comment on these charges.

About Steve Balestrieri

Steve is a SOFREP Senior Editor. He served as a Special Forces NCO and Warrant Officer before injuries forced his early separation. He writes for SOFREP and covers the NFL for PatsFans.com, and his work was regularly featured in the Millbury-Sutton Chronicle and Grafton News newspapers.
