Iranian APT Campaign Booted From Facebook

2021-07-20 by Grace Choi

Facebook’s Threat Intelligence Team Bans Tortoiseshell

Facebook’s head of espionage investigations, Mike Dvilyanski, and its director of threat disruption, David Agranovich, have reported that the Iranian APT group Tortoiseshell has plotted targeted attacks on U.S. military personnel and on companies in the defense and aerospace industries.

The social media giant has blocked all of the malicious domains it found being pushed by Tortoiseshell and has taken down the group’s activity on Facebook. Targets of this campaign have been notified.

“This activity had the hallmarks of a well-resourced and persistent operation while relying on relatively strong operational security measures to hide behind it,” according to the Facebook team.

Tortoiseshell’s Facebook Campaign Focuses on Social Engineering

The APT group has focused its efforts in social engineering, luring targets off of Facebook and onto external sites to expose them to malware.

The group created fake online personas, posing as recruiters and employees of defense and aerospace companies. There are also reports of personas claiming to work in hospitality, medicine, journalism, non-governmental organizations (NGOs) and airlines.

Using these fake identities, the group would engage with targets, sometimes for months, in order to build trust and get them to visit malicious sites. Knowing that spreading malware directly through Facebook is risky, threat actors created dozens of domains, designed to appeal to a wide audience across different industries and subjects of interest.

Of those domains, 5 URLs contained the name “Trump.” Other domains masqueraded as defense contractors, U.S. Labor Department career sites, and email providers.

Facebook’s report states that “as part of their phishing campaigns, they spoofed domains of major email providers and mimicked URL-shortening services, likely to conceal the final destination of these links.” These links were used to steal login credentials for victims’ online accounts (e.g., corporate and personal email accounts, collaboration tools commonly used in the workplace, social media, etc.). Credential theft then let the group gather information about the victims’ devices, connected networks, and installed software, which in turn allowed the attackers to create and deliver “tailor-made” malware.
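The two imitation tricks quoted above (spoofed email-provider domains and mimicked URL-shortener names) are the kind of thing a defender can screen for in proxy or DNS logs. The following is an added example, not code from Facebook’s report; the allowlist, brand tokens, similarity threshold and sample hostnames are all assumptions, and the hostnames are constructed on the reserved `.example` suffix rather than taken from the campaign.

```python
"""Flag hostnames that imitate major email providers or URL shorteners."""
from difflib import SequenceMatcher

# Registrable domains trusted exactly (assumption: a defender maintains an
# allowlist like this; the entries here are well-known real services).
ALLOWLIST = {"gmail.com", "google.com", "outlook.com", "office.com",
             "yahoo.com", "bit.ly", "bitly.com", "tinyurl.com", "t.co"}

# Brand tokens the campaign is reported to have imitated (email providers and
# URL shorteners); kept digit-free so they survive the homoglyph folding below.
BRAND_TOKENS = ["gmail", "google", "outlook", "office", "yahoo", "bitly", "tinyurl"]

# Fold common digit-for-letter substitutions so that "gmai1" reads as "gmail".
HOMOGLYPHS = str.maketrans("01357", "olest")

def registrable_domain(host: str) -> str:
    """Last two labels of the host (assumption: no public-suffix list used)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else labels[0]

def flag_lookalike(host: str, min_ratio: float = 0.8):
    """Return a reason string if host imitates a brand, or None if it looks clean."""
    reg = registrable_domain(host)
    if reg in ALLOWLIST:
        return None                      # exact, trusted registrable domain
    folded = host.lower().translate(HOMOGLYPHS)
    squashed = folded.replace("-", "").replace("_", "").replace(".", "")
    core = reg.split(".")[0].translate(HOMOGLYPHS).replace("-", "")
    for token in BRAND_TOKENS:
        if token in squashed:            # brand name embedded anywhere in the host
            return f"embeds brand token '{token}'"
        ratio = SequenceMatcher(None, core, token).ratio()
        if ratio >= min_ratio:           # near-miss typosquat of the brand
            return f"resembles '{token}' (similarity {ratio:.2f})"
    return None

def scan(hosts):
    """Map each flagged host to its reason; hosts that look clean are omitted."""
    return {h: r for h in hosts if (r := flag_lookalike(h))}

# Constructed sample of proxy-log hostnames (not taken from the Facebook report).
SAMPLE_HOSTS = [
    "mail.google.com",                  # legitimate, allowlisted
    "gmai1.example",                    # digit-for-letter typosquat
    "outlook-office365-login.example",  # brand embedded in a long hostname
    "bitly-secure.example",             # mimics a URL-shortening service
    "defense-careers-jobs.example",     # no brand imitation; needs other checks
]
```

The last sample shows the limit of this check: a fake defense-contractor or career site imitates an industry rather than a brand, so it has to be caught by other means such as domain age or reputation.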

Investigations Give Insight Into Malware Source

Tortoiseshell’s campaign has been tracked as UNC1833 by FireEye, a cybersecurity company that focuses on the detection and prevention of major cyberattacks. FireEye found that the Iranian APT group is connected to APT35, or “Charming Kitten,” an Iranian government cyberwarfare group.

According to Facebook, Tortoiseshell has been using custom malware that included remote access Trojans, tools to spy on devices and networks, as well as keystroke loggers. Some of the malware was developed by Mahak Rayan Afraz, a Tehran IT company that is involved with the Islamic Revolutionary Guard Corps.

While Tortoiseshell has been focused on IT campaigns in the Middle East, they have apparently been expanding their operation to the United States as well as the U.K. and Europe.
