In cyberspace, Iran appears to be intensifying its efforts to exploit US and Western targets, with a social media campaign aimed at US military personnel and defense agencies.
In the latest effort linked to Tehran, a group known as Tortoiseshell used multiple sophisticated, fake online personas on Facebook to contact US service members and staff of major defense agencies, infect their computers with malware and collect information from them.
“This operation was characterized by a strong and stable operation, relying on a relatively strong operational security system to hide who is behind it,” Facebook said in a blog post on Thursday, calling it part of “a wide range of cross-platform cyber intelligence operations.”
Personas are used
Defense personnel were also targeted in the United Kingdom and other European countries.
Facebook said, “These accounts often appeared as employers and employees of the defense and space agencies of the countries where they were targeted.” “Other people have demanded to work in hospitality, medicine, journalism, NGOs and airlines.”
And the hackers were in no hurry.
“Our investigation found that the group spent significant time across the Internet in their social engineering endeavors, in some cases engaging with their targets for months,” Facebook said. “They used various collaboration and messaging platforms to move conversations off the platform and send malware to their targets.”
Facebook said it notified users who appeared to be targeted, took down the fake accounts and blocked the sharing of the malicious domains.
The social media company said it was able to link the activity to Iran because of unique malware developed by Mahak Rayan Afraz, a Tehran-based organization linked to Iran’s Islamic Revolutionary Guard Corps.
Mandiant Threat Intelligence, a private cybersecurity firm, said on Thursday that it agreed with Facebook’s assessment that Iran and the IRGC were behind the operation.
Tortoiseshell has “historically targeted individuals and organizations associated with U.S. military and information technology providers in the Middle East since at least 2018,” Sarah Jones, senior principal analyst at Mandiant, said in an email.
Jones added that it is noteworthy that some of the fake domains associated with the Iranian campaign used the name of former US President Donald Trump, including “TrumpTotal[.]Net”, “trumporganization[.]World”, and “trumporganization[.]com”.
“These national domains can offer social engineering advice related to U.S. political issues,” Jones said. “We have no evidence that these domains were managed or used to target anyone related to the Trump family or property.”
Facebook, which discovered the hacking campaign, did not comment on whether Iran was able to steal any critical or sensitive data.
U.S. military officials have also declined to comment on whether the Iranian hackers were able to steal anything.
“The U.S. Cyber Command does not discuss operations, intelligence information and cyber plans for operational security,” a spokesman told VOA.
“The threats posed by social media interaction are not unique to any particular social media platform and Defense Department personnel must be careful when hiring online,” the spokesman added.
U.S. intelligence officials have expressed growing concern about Iran’s growing power and aggression in cyberspace.
In its annual Worldwide Threat Assessment, published in April, the Office of the Director of National Intelligence called Tehran “a significant threat to the United States and its allied networks and data security.”
“We expect Tehran to focus on online covert influence, such as spreading false threats or disguising the infrastructure of compromised elections and rebuilding anti-US content,” the report said.
The U.S. intelligence community, earlier this year, accused Iran of meddling in the 2020 U.S. presidential election, “conducting a multilateral covert influence operation aimed at reducing the chances of former President Trump being re-elected.”
U.S. officials said part of the effort involved hacking the voter registration system in at least one U.S. state and using the information to send threatening emails to potential voters.
Most recently, cybersecurity firm Proofpoint reported that a separate Iranian hacker group affiliated with the IRGC, known as TA453 or Charming Kitten, posed as a professor at a British university to steal information and research from think tanks and academics.
Researchers say they assess with “high confidence” that the hackers support the Iranian Revolutionary Guard Corps’ intelligence-gathering efforts.