18. July 2021

This article has been indexed from E Hacking News – Latest Hacker News and IT Security News

On Thursday, Facebook announced that it had shut down approximately 200 accounts operated by a group of hackers in Iran as part of a cyber-spying operation that focused primarily on US military officials and others working in defense and aerospace firms. 

The group, termed ‘Tortoiseshell’ by security experts, utilized fraudulent online identities to interact with targets, establish confidence over time (often months), and lead them to other sites where they were duped into clicking malicious links that infected their devices with spying software, according to Facebook. 

In a blog post, Facebook’s investigative team stated, “This activity had the hallmarks of a well-resourced and persistent operation while relying on relatively strong operational security measures to hide who’s behind it.” 

Thus according to Facebook, the group created dubious identities on numerous social media sites to look more legitimate, frequently impersonating recruiters or staff of aerospace and defense firms. LinkedIn, which is controlled by Microsoft, announced the removal of several accounts, while Twitter said it was “actively investigating” the data in Facebook’s report. 

The virus was distributed via email, chat, and collaboration platforms, according to Facebook, including malicious Microsoft Excel spreadsheets. In a statement, a Microsoft spokesman said the company was aware and following this actor, and that it takes action when harmful behavior is detected.