Facebook Stops Iranian Hackers
Facebook said last week it has disrupted a group of Iranian hackers who created fake social media profiles and sent targeted and malicious links to victims in an attempt to spy on Western defense contractors and military personnel. The campaign has apparent links to the Iranian government.
The hackers ran a sophisticated operation to gain their victims' trust, Facebook said, often posing as representatives of aerospace and defense firms to build deep relationships with their targets before directing them to fraudulent websites. Though the sites looked and acted like their legitimate counterparts, including a US Labor Department job site, they were designed to steal data and scan computer systems. The group zeroed in on individuals who work in the U.S. military and defense industry, and also targeted similar victims in the UK and Europe.
Mike Dvilyanski, Facebook's head of cyber espionage investigations, said the company has disabled "fewer than 200 operational accounts" on its platform associated with the Iranian campaign, and notified a similar number of Facebook users that they may have been targeted by the group. The Iranian campaign extended beyond Facebook and also used other platforms and messaging technologies including email. However, it's difficult to know how successful the espionage campaign may have been.
Until now, the hacking group had been focused on regional targets in the Middle East. Its expansion to Western targets reflects an evolution in the group's behavior that began last year. "Our investigation found that this group invested significant time into their social engineering efforts across the internet, in some cases engaging with their targets for months." Once the hackers had gained entry into a target's device, they shared more files such as fraudulent Microsoft Excel spreadsheets that contained hidden malicious software that could collect even more information. The malware showed signs of being highly customized, not an "off-the-shelf" product, said Dvilyanski, suggesting the hackers were well supported. Further investigation showed that the malicious software had been designed by a Tehran-based software firm linked to Iran's powerful Islamic Revolutionary Guard Corps.
On a conference call with reporters, Dvilyanski said Facebook's cybersecurity group is "confident" about the connection between some of the malware used in the campaign and the IT firm, Mahak Rayan Afraz, and the link to the IRGC. A number of the IT firm's current and former executives are also connected to other companies under U.S. sanction.
"As far as I know, this is the first public attribution of the groups' malware" to an entity linked to the Iranian government, Dvilyanski told reporters on a conference call. In addition to notifying its users who had been targeted by the campaign and disabling accounts belonging to the hackers, Facebook also blocked links on its platform to websites controlled by the group, it said. The so-called "phishing" tactics used by the Iranian hackers have been replicated on a wide scale in recent months, with reports of a Russian campaign sending fake emails posing as the U.S. Agency for International Development.