Iranian hackers used Facebook to create elaborate fake personas with the purpose of getting Americans in the military, defense, and aerospace industries to fall for phishing schemes so that the hackers could access personal and classified information, Facebook said on Thursday.

The hackers also targeted defense personnel in the U.K. and Europe.

The Iranian spying campaign began last year. Facebook took down “fewer than 200 operational accounts”, according to Mike Dvilyanski, Facebook’s head of cyber-espionage investigations.

This is another attack on the U.S. but this time, Iran didn’t target infrastructure or large corporations but the military and defense industry.

Facebook reported that the group, dubbed ‘Tortoiseshell’ by cybersecurity experts, used fake online personas, posing as legitimate defense or aerospace contractors to connect and build trust with members. They then would trick targets into other sites which contained links that would infect their devices with spying malware.

Iranian Hackers Use Facebook to Spy on US Military
Hackers assigned to the Iranian Revolutionary Guard Corps. (Iranian military)

“This activity had the hallmarks of a well-resourced and persistent operation while relying on relatively strong operational security measures to hide who’s behind it,” Facebook’s investigations team said in a release on their blog.

“Our investigation found that this group invested significant time into their social engineering efforts across the internet, in some cases engaging with their targets for months,” Facebook added.

The Iranians created “catfish” fake personas that were “designed to look like things people would engage with,” said Dvilyanski. Some of the personas included “attractive young women posing as professionals, sometimes pretending to be recruiters for particular companies or industries.”