
Iranian cyber espionage group creates false Facebook profile to lure executives

Wednesday, August 2, 2017

An Iranian cyber espionage unit successfully persuaded a number of US, Israeli, Indian and Saudi male executives in IT security, technology, oil/gas and aerospace to reveal confidential data and enable access to an openly available remote access tool, PupyRAT, by creating a false Facebook profile of an attractive 20-something female photographer, according to cybersecurity company SecureWorks.

Meet Mia Ash, an attractive, 20-something, London-based photographer, amateur model and social media influencer with a strong interest in tech-savvy guys working in the oil and gas industry. You guessed it: Mia does not exist.

The SecureWorks Counter Threat Unit has uncovered an intricate 'honey pot' spear-phishing and social engineering campaign being carried out by an established Iranian cyber espionage hacking group nicknamed Cobalt Gypsy (a.k.a. OilRig). The group is believed to be working on behalf of the Iranian government. By using the Mia Ash 'honey pot' and making 'her' more real, the group successfully lured US, Israeli, Indian and Saudi male executives in IT security, technology, oil/gas and aerospace to reveal confidential data and enable access to an openly available remote access tool, PupyRAT.

The threat group built a social presence for Mia Ash, a non-existent young woman, on stolen personal photos, professional credentials, and other biographical data of two actual women. The SecureWorks investigation uncovered numerous accounts associated with the Mia Ash persona, including profiles on LinkedIn, Facebook, Blogger, WhatsApp and several email addresses. All social media profiles were designed to build trust and rapport with the male executives. The photos of 'Mia Ash' were consistent across the various accounts/profiles and were taken from several social media accounts of a young Romanian photographer and Instagram influencer. The social media profiles have since been removed due to a joint effort by SecureWorks and the social media platforms.

In light of this campaign and research, SecureWorks recommends that organisations routinely educate their staff on social engineering schemes and strongly discourage connecting with online personas that are not validated through real-world relationships. Additionally, CTU researchers recommend deploying an endpoint solution and monitoring for anomalous activity generated by malware like PupyRAT.


