Iranian hackers created fake Facebook personas and befriended U.S. and Western officials in an “unprecedented, three-year cyber-espionage campaign,” reports Reuters.
According to Internet security firm iSight Partners, the targets included lobbyists, politicians, ambassadors, a U.S. Navy admiral and officials from several other countries including Saudi Arabia and the U.K.
The operatives used fake accounts and fictitious personal content to befriend targets. Eight personas claimed to work for defense contractors or similar organizations and six others appeared to work for the website newsonair.org.
Among the 14 fake profiles were NewsOnAir reporters (one with the same name as a Reuters journalist in Washington), six defense contractor employees, a U.S. Navy systems administrator and an accountant.
The hackers approached their targets through “friends of friends” on Facebook, Google, LinkedIn and Twitter. Then they sent malicious software to infect users’ PCs or directed targets to websites requiring login credentials.
iSight said the operation has been active since 2011 and is thought to be the most elaborate cyber-espionage campaign using “social engineering” uncovered to date. More than 2,000 connections have been uncovered, with several hundred believed to have been targeted in a “low and slow” campaign.
It is not clear whether the Iranian government is tied to the hacking group, but iSight believes the complexity of the operation required support by a nation state. Newsonair.org was registered in Tehran and likely hosted by an Iranian provider, said iSight.
A spokesman for Facebook said it had discovered the hacking group and removed the accounts. A LinkedIn investigation found that none of the 14 fake profiles uncovered by iSight are currently active.
According to Reuters, “iSight disclosed its findings as evidence emerges that Iranian hacking groups are becoming increasingly aggressive.”