FB removes accounts run by Iran hackers
Facebook said on Thursday it had taken down about 200 accounts run by a group of hackers in Iran as part of a cyberspying operation that targeted mostly US military personnel and people working at defense and aerospace companies.
The social media giant said the group, dubbed ‘Tortoiseshell’ by security experts, used fake online personas to connect with targets, build trust sometimes over the course of several months and drive them onto other sites where they were tricked into clicking malicious links that would infect their devices with spying malware.
“This activity had the hallmarks of a well-resourced and persistent operation, while relying on relatively strong operational security measures to hide who’s behind it,” Facebook’s investigations team said in a blog post.
The group, Facebook said, made fictitious profiles across multiple social media platforms to appear more credible, often posing as recruiters or employees of aerospace and defense companies. Microsoft-owned Linkedin said it had removed a number of accounts and Twitter said it was “actively investigating” the information in Facebook’s report.
Facebook said the group used email, messaging and collaboration services to distribute the malware, including through malicious Microsoft Excel spreadsheets. A Microsoft spokesperson said in a statement it was aware of and tracking this actor and that it takes action when it detects malicious activity. —
This activity had the hallmarks of a wellresourced and persistent operation, while relying on relatively strong operational security measures to hide who’s behind it Facebook’s investigations team