Hello, Guest!

Cybersecurity

Facebook Uncovers Iranian Spying Ring, Alerts Vulnerable Social Media Users

Social engineering alert

Facebook Uncovers Iranian Spying Ring, Alerts Vulnerable Social Media Users

Facebook revealed on Thursday that Iran is bolstering efforts to exploit U.S. and allied targets in cyberspace by launching social engineering campaigns against military personnel and defense industry workers. Tehran’s latest campaign uses a series of sophisticated fake online personas to reach out to U.S. soldiers and employees of major defense companies, Illinois News Live reported Monday.

In a blog post alerting users, Facebook tagged a group known only as Tortoiseshell for leading what is apparently a sophisticated spying operation. The covert information-gathering activity was described as being “resource-rich and with permanent operational characteristics, relying on relatively strong operational security measures to hide the people behind it.”

Facebook said employees of defense companies in the U.K. and other European countries were also targeted. The social media company said the Iranian spies often pretend to be recruiters and employees of defense and aerospace companies in the target country. Others pretend to work for hospitality, medicine, journalism, NGOs and airline companies.

Facebook said its research revealed that the people behind Tortoiseshell have spent a considerable amount of time working on social engineering over the internet, taking advantage of a variety of collaboration and messaging platforms to move conversations off the platform and send malware to their targets.

To counter the creeping threat, Facebook has notified users who appeared to be targeted. The company has also deleted fake accounts and blocked sharing of malicious domains.

Facebook said that it has managed to trace the malware to a Tehran-based company with known links to Iran’s Islamic Revolutionary Guard Corps.

Mandiant Threat Intelligence, a Virginia-based cybersecurity firm, agreed with Facebook’s assessment that Iran’s IRGC is behind the campaign. A company executive said Tortoiseshell has been targeting people and organizations in the U.S. military and information technology providers in the Middle East since at least 2018.

Potomac Officers Club Logo
Become a Potomac Officer Club Insider
Sign up for our weekly email & get exclusive event, and speaker updates, and find networking opportunities to connect with GovCon decision makers.

Category: Cybersecurity