Fake Facebook profiles used by Iranian hackers in cyber espionage plot
Posted by: Jon Ben-Mayor on 05/29/2014 07:27 AM
A three-year cyber espionage campaign has been discovered, allegedly involving Iranian hackers using fake Facebook profiles along with a fictitious news website to ensnare military and political leaders in the United States, Israel and other countries, according to cyber intelligence firm iSight Partners.
iSight's investigation uncovered this plot in which Iranian threat actors are using more than a dozen fake personas on social networking sites (Facebook, Twitter, LinkedIn, Google+, YouTube, Blogger) in a coordinated, long-term cyber espionage campaign. At least 2,000 people/targets are, or have been, caught in the snare and are connected to the false personas.

This campaign, working undetected since 2011, targets senior U.S. military and diplomatic personnel, congressional personnel, Washington D.C. area journalists, U.S. think tanks, defense contractors in the U.S. and Israel, as well as others who are vocal supporters of Israel, in order to covertly obtain log-in credentials to the email systems of their victims. Additional victims in the U.K. as well as Saudi Arabia and Iraq were targeted.
The fake personas claim to work in journalism, government, and defense contracting. These accounts are elaborate and have created credibility using, among other tactics, a fictitious journalism website, newsonair.org, that plagiarizes news content from other legitimate media outlets.
These credible personas then connected, linked, followed, and “friended” target victims, giving them access to information on location, activities, and relationships from updates and other common content.
Accounts were then targeted with “spear-phishing” messages. Links which appeared to be legitimate asked recipients to log in to false pages, thus capturing credential information. It is not clear at this time how many credentials the attack has captured to date.
Additionally, this campaign is linked to malware. While the malware is not particularly sophisticated, it includes capability that can be used for data exfiltration.
According to a statement from iSight picked up by the Indian Times, the hackers used the 14 personas to make connections with more than 2,000 people, adding that it believed the group ultimately targeted several hundred individuals.
iSight Executive Vice President Tiffany Jones says: “This campaign is not loud. It is low and slow, they want to be stealth. They want to be under the radar.”
iSight said it had alerted some victims and social networking sites as well as the U.S. Federal Bureau of Investigation and overseas authorities. An FBI spokeswoman declined to comment.
