
Facebook catches Iranian spies catfishing U.S. military targets


If you are a member of the U.S. Army who has been receiving friendly Facebook messages from private-sector contractors for months, suggesting a lucrative future in the aerospace or defense contractor industry, Facebook may have bad news.

On Thursday, the social media giant revealed that it has at least partially disrupted a long-running Iranian hacking campaign that used Facebook accounts to pose as contractors, drawing in U.S. targets with convincing social engineering before sending them files infected with malware or getting them to send sensitive credentials to phishing sites. Facebook says the hackers also posed as people working in hospitality or medicine, journalism, non-governmental organizations or airlines, sometimes engaging their targets for months with profiles on various social media platforms. Unlike previous cases in which Iranian state-sponsored social media catfishing focused on Iranian residents, this latest campaign has largely targeted Americans and, to a lesser extent, victims in the UK and Europe.

Facebook said that, as a result of the investigation, it has removed “less than 200” fake profiles from its platforms, and reported that roughly the same number of Facebook users were targeted by the hackers. “According to our research, Facebook network espionage was part of a broader operation, targeting people with phishing, social engineering, fake websites and malicious domains on multiple social media platforms, emails and collaboration sites,” said David Agranovich, director of Facebook threat suspension, in a call to the press on Thursday.

Facebook has said the hackers behind the social engineering campaign are a group called “Tortoiseshell” that it believes is working on behalf of the Iranian government. The group, which has some ties and similarities to other well-known Iranian groups known as APT34 or Helix Kitten and APT35 or Charming Kitten, first appeared in 2019. At the time, the security company Symantec saw the hackers breach a Saudi Arabian IT provider in an apparent supply chain attack designed to infect the company’s customers with a piece of malware known as Syskit. Facebook has seen the same malware used in this latest hacking campaign, but with a broader set of infection techniques and with targets in the U.S. and other Western countries instead of the Middle East.

Tortoiseshell also appears to have chosen social engineering rather than a supply chain attack from the start, and began catfishing on social media in 2018, according to security company Mandiant. That involves a lot more than Facebook, says John Hultquist, vice president of threat intelligence at Mandiant. “Starting from some initial operations, they compensate for simplistic technical approaches with very complex social networking schemes, which is an area where Iran is really skilled,” says Hultquist.

In 2019, Cisco’s Talos security division saw Tortoiseshell running a fake site for veterans called military heroes, designed to get victims to install a desktop application containing malware on their computers. Craig Williams, director of Talos’ intelligence team, says the fake site and the larger campaign identified by Facebook both show that military personnel trying to find jobs in the private sector are a ripe target for spies. “The problem we have is that the veterans who go into the commercial world are a huge industry,” Williams says. “Bad guys can find people who will make mistakes, who will click on things they shouldn’t do, who are attracted to certain proposals.”

Facebook has warned that the group also spoofed a U.S. Department of Labor site; the company provided a list of fake domains that impersonated news sites, versions of YouTube and LiveLeak, and different variations of URLs related to the Trump family and the Trump Organization.
