Date: 2021-08-02



An Iranian state actor has spent years posing as someone by the name of “Marcella Flores” in an attempt to spy on an American aerospace defense contractor. A new report from cybersecurity firm Proofpoint has tied the actor to state-sponsored espionage against defense “industrial base” contractors performing work related to the Middle East.

Identified as TA456, the state actor first established a relationship with an employee of a subsidiary of the defense company. Then, in early June 2021, it attempted to “capitalize on that relationship” by sending malware to employees as part of an “ongoing email communication chain,” according to Proofpoint. TA456 is also associated with espionage activity known as Tortoiseshell and Imperial Kitten.

Over a period of at least eight months, TA456, as Marcy or Marcella, sent “benign email messages, photographs and video to establish its veracity and make a connection. At one point, TA456 attempted to send a benign, but flirtatious video message via a OneDrive URL,” the report said.

The goal was to infect employees’ machines with malware called LEMPO to perform discovery and steal sensitive information, Proofpoint said. Once the malware is active, it records discovery details on the host, sends sensitive information to an email account controlled by the state actor, and then deletes the files to cover its tracks, according to the report.

Marcella becomes friendly on Facebook

In addition to a Gmail account, Marcella maintained a now-suspended Facebook profile, according to the report. A Facebook profile photo was uploaded on May 30, 2018, and Marcella began interacting with the employee on social media at the end of 2019. The profile is very similar to fictitious profiles previously used by Iranian state actors, according to the report.

“Marcella’s profile appeared to be friends with several people who publicly identify themselves as employees of defense contractors and who are geographically dispersed from Marcella’s alleged location in Liverpool, UK,” the report said.

“While targeting defense contractors is not new to TA456, this campaign uniquely establishes the group as one of the most determined Iran-aligned threat actors tracked by Proofpoint,” says the report, adding that targeting US defense contractors linked to Middle East contracts “is consistent with historic Iranian cyber activity.”

Facebook addressed the wider campaign in an article earlier this month.

“In an apparent expansion of malicious activity to other regions and industries, our investigation found that it targeted military personnel and companies in the defense and aerospace industries, primarily in the United States, and to a lesser extent in the UK and Europe,” the company said in a statement. “This group used various malicious tactics to identify their targets and infect their devices with malware to enable espionage.”

