Iran-Based Hackers Created Network of Fake LinkedIn,Facebook (two accounts),WordPress,Twitter,Blogger,Instagram Profiles
According to a research carried out by Dell SecureWorks, hackers are using social engineering tactics to ensnare their targets with a ‘Honey Pot’. The research firm found out that hackers are using female images to fake their persona around and create profiles in social media platforms such as LinkedIn, Facebook, and WhatsApp.
They are then contacting professionals such as scientists, admins at tech, oil and gas refineries, aerospace, engineers and staff working for politicians and are befriending them. Then for a month, they exchange pleasantries and also their intimate photos. After the victim falls into a cyber trap, they infect their machines with virus and force/blackmail them to work for the Iranian government.
The research discovered that the government of Tehran was funding the said project of hackers trapping scientists and professionals. By doing so it is trying to set up a classic example of espionage through seduction.
The malware which is being used to infect the machines is said to PupyRAT which gives the attacker a full privilege of taking a compromised machine under control.
Dell SecureWorks says that the pictures which are being used by the Iranian hackers were siphoned from a British photographer working for a Romanian firm.
When the law enforcement reached the photographer’s door step, she was amazed on knowing the fact that the images from her Pc were stolen in February this year.
Iranian Hackers group named Cobal Gypsy is suspected to be behind these attacks and has used a female’s name called Mia Ash to trap middle aged men.
Allison Wikoff, a senior security research working for Dell SecureWorks reports that Mia Ash doesn’t exist in reality and the hackers are launching attacks on her name by impersonating a female model’s photo.Facebook and LinkedIn acted swiftly on the tip-off given by Dell SecureWorks and immediately scrapped off the profile of Mia Ash.
But experts feel that the damage might have already done as some people holding high profile positions in companies operating in United States, India, Europe, and Canada might have already been targeted by hackers.
Note 1: Cybersecurity Insiders is displaying the image of Mia Ash in order to let the world know what is behind this pretty face.
Note 2: The images used in the Mia Ash profile likely belong to a student and photographer whose DeviantArt profile indicates is based in Romania (see Figure 6). She has uploaded hundreds of photographs of herself to social media sites such as DeviantArt, Instagram, and Facebook, leading CTU researchers to conclude that she is who she claims to be and that the photographs on the bittersweetvenom social media profiles are of her. The threat actors operating the Mia Ash persona likely stole images from the photographer’s social media accounts to create Mia Ash’s various accounts.