
Iranian Hackers Catfish a Cybersecurity Employee

Iran Focus

London, 6 Oct - A team of Iranian hackers used Facebook to target Deloitte, one of the world’s biggest accounting firms, according to Forbes.

One Deloitte employee fell victim to the scam in late 2016 at roughly the same time as a separate hack which affected Deloitte data in Microsoft's Azure cloud-hosting service.

The hacking group known as OilRig, which, as Forbes pointed out in July, was believed to have been working for the Iranian Regime, created a fake Facebook profile for a beautiful, charming woman using the name Mia Ash.

In July 2016, the creators of the fictitious Mia began befriending a Deloitte cybersecurity employee and engaging him in conversations about his job via the website’s chat function.

As their relationship grew, the unnamed employee offered to help set Mia up with a website for her alleged business, and eventually she convinced him to open a document containing malware on his work computer.

Though this malware did not infect the wider company network, it shows how easily the hackers were able to manipulate a security worker, who helped clients to defend themselves against similar digital attacks, and how they could do it again.

James Lewis, a former U.S. diplomat and cybersecurity expert at the Center for Strategic and International Studies, said: "This kind of thing is effective because men can't help themselves apparently."

Lewis continued by saying that we should ask why the employee was targeted and whether it was because of his job role or the company, although either option is worrying.

Lewis said: "In a couple instances the Iranians have been really clever: they don't go after the primary target, they go after the secondary... the Deloitte guy might have been interesting only because of who he was connected to."

Although OilRig doesn't do a lot of hacking outside the Middle East, this latest breach is very worrying.

Lewis said: "It's been a steady upward path for [the Regime], starting a decade ago. They test on their citizens, they practise every week against Israel. They've relationships with the Russians, Chinese and North Koreans, and in at least two of those - Russia and North Korea - we know they've exchanged tactics, tools and procedures for cyber."

Mia’s profile was created using images and information stolen from a real-life photographer, Cristina Mattei, from Romania. The hackers also created multiple social media profiles for her so that a Google search wouldn’t show up anything suspicious.

Indeed, SecureWorks cybersecurity researcher Allison Wikoff said that this was one of the most developed fake personas she'd ever seen.

Mia was also used to befriend an Asia-based cybersecurity professional at Deloitte until February 2017, when she also sent him a file, supposedly of photos of her, to open on his work laptop. Thankfully, this was caught by a malware detector.
