Iran appears to be intensifying its effort to exploit U.S. and Western targets in cyberspace, running a campaign aimed at manipulating American military personnel and defense companies on social media.
Tehran’s latest campaign, orchestrated on Facebook by a group known as Tortoiseshell, used a series of sophisticated, fake online personas to make contact with U.S. servicemembers and employees of major defense companies in order to infect their computers with malware and extract information.
“This activity had the hallmarks of a well-resourced and persistent operation, while relying on relatively strong operational security measures to hide who’s behind it,” Facebook said Thursday in a blog post, calling it part of a “much broader cross-platform cyber espionage operation.”
Personas used
Employees of defense companies in the U.K. and other European countries were also targeted.
“These accounts often posed as recruiters and employees of defense and aerospace companies from the countries their targets were in,” Facebook said. “Other personas claimed to work in hospitality, medicine, journalism, NGOs and airlines.”
And the hackers were in no hurry.
“Our investigation found that this group invested significant time into their social engineering efforts across the internet, in some cases engaging with their targets for months,” Facebook said. “They leveraged various collaboration and messaging platforms to move conversations off-platform and send malware to their…