Facebook announced today that a network of hackers with links to Iran attempted to use its platform to target people in the US military. Tortoiseshell, a hacker group, appears to be at the center of it all. According to Facebook, the group sought out individuals and companies in the aerospace and defense sectors. Its main targets were in the United States, but there were also attempts to victimize people in the UK and parts of Europe.
"This activity had the hallmarks of a well-resourced and persistent operation, while relying on relatively strong operational security measures to hide who's behind it. Our platform was one of the elements of the much broader cross-platform cyber-espionage operation, and its activity on Facebook manifested primarily in social engineering and driving people off-platform (e.g., email, messaging and collaboration services and websites), rather than directly sharing the malware itself." (Facebook)
This attack is a significant departure for Tortoiseshell. Previously, the group was known to target primarily IT companies in the Middle East. The methods it generally uses are similar to those of China's 'Evil Eye' group, which is used to target the Uyghur community.
According to Facebook, the group created 'sophisticated online personas' that it used to contact its targets and build trust over time. It maintained several of these personas across multiple social media platforms in order to appear more credible. The group even built fake recruiting websites and spoofed a legitimate US Department of Labor job search tool.
Iran has already carried out a variety of malicious online activities against Western nations over the past year. For example, just last September, Iran tried to meddle in the 2020 US presidential election.