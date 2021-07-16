



New link to Tehran: Facebook cyber experts determined that some of the hackers' malware was developed by Iranian computer company Mahak Rayan Afraz, which has ties to Iran's Islamic Revolutionary Guard Corps. "As far as I know, this is the group's first public attribution of the malware to a vendor or shell company with ties to [the] IRGC," said Dvilyanski.

The targets: Tortoiseshell has traditionally targeted Middle Eastern IT companies. But in 2020, Dvilyanski said, the group focused on aerospace and defense companies, mainly in the United States but also in Europe and Britain. With this hacking campaign, Tortoiseshell targeted fewer than 200 people.

The tactic: After posing as recruiters or fellow industry professionals, the hackers convinced victims to visit malicious websites that mimicked familiar domains. Some imitated the sites of defense contractors, while one impersonated the US Department of Labor's job search page. Other sites mimicked messaging platforms to collect victims' login credentials. In some cases, the hackers talked to their targets for months. Many of the malicious sites collected information from victims' computers, which helped the hackers deliver personalized malware to individual victims, Facebook said.

The tools: Tortoiseshell is known to develop its own malware, including remote access Trojans and keyloggers. In the latest campaign, the group sometimes injected malware into Microsoft Excel spreadsheets. From time to time, Facebook said, the hackers used new malware that stored the results of its reconnaissance work in a hidden part of an Excel spreadsheet. Facebook speculated that the hackers were planning to trick their target into saving and returning the file.

The response: After deleting the hackers' accounts and preventing users from posting their malicious links, Facebook notified the alleged victims and shared technical data with industry and law enforcement partners.

Sources:
1/ https://Google.com/
2/ https://www.politico.com/news/2021/07/15/facebook-blocks-iran-hacking-campaign-499768

