Iranian hackers used Facebook to create elaborate fake personas with the purpose of getting Americans in the military, defense, and aerospace industries to fall for phishing schemes so that the hackers could access personal and classified information, Facebook said on Thursday.
The hackers also targeted defense personnel in the U.K. and Europe.
The Iranian spying campaign began last year. Facebook took down “fewer than 200 operational accounts”, according to Mike Dvilyanski, Facebook’s head of cyber-espionage investigations.
This is another attack on the U.S., but this time Iran targeted the military and defense industry rather than infrastructure or large corporations.
Facebook reported that the group, dubbed ‘Tortoiseshell’ by cybersecurity experts, used fake online personas, posing as legitimate defense or aerospace contractors to connect and build trust with members. They would then lure targets to other sites containing links that would infect their devices with spying malware.
“This activity had the hallmarks of a well-resourced and persistent operation while relying on relatively strong operational security measures to hide who’s behind it,” Facebook’s investigations team said in a release on their blog.
“Our investigation found that this group invested significant time into their social engineering efforts across the internet, in some cases engaging with their targets for months,” Facebook added.
The Iranians created “catfish” fake personas that were “designed to look like things people would engage with,” said Dvilyanski. Some of the personas included “attractive young women posing as professionals, sometimes pretending to be recruiters for particular companies or industries.”
The Iranian Hackers’ Link to the Revolutionary Guard Corps
Once the hackers had access to a target’s device, they would share more files, such as fake Microsoft Excel spreadsheets, that contained malicious software. This allowed the hackers to collect even more information, Facebook said.
The malware was most definitely not an “off-the-shelf” product, said Dvilyanski. This means that the hackers were well-supported. Facebook learned that the malicious software had been designed by Mahak Rayan Afraz, a Tehran-based software firm linked to Iran’s Islamic Revolutionary Guard Corps (IRGC).
Dvilyanski said in a media conference call that Facebook’s cybersecurity group is “confident” of the connection between some of the malware used in the campaign and Mahak Rayan Afraz, and the link to the IRGC.
A number of the firm’s current and former executives are also connected to other companies under U.S. sanctions, according to the Facebook blog post.
When pressed by international media, Iran’s mission to the United Nations didn’t respond or comment on these charges.