Facebook Removes Iranian Accounts Targeting U.S. Defense Firms


Facebook Inc. said it took down a network of accounts connected to a group of Iranian hackers who were targeting employees of defense and aerospace companies in the U.S., UK and Europe.

Facebook said Thursday that it removed fewer than 200 accounts operated by a group known as Tortoiseshell, which used various social media platforms to pose as recruiters, journalists and workers in other industries to gain the trust of its targets and trick them into clicking on malicious links. The hacker group’s campaign sought to steal login credentials, obtain information about its victims’ digital devices, and deliver targeted malware, according to Facebook.

The campaign had “all the hallmarks of well-resourced, persistent behavior,” Mike Dvilyanski, Facebook’s head of cyber espionage investigations, told reporters Thursday. Facebook said some of the malware was developed by Mahak Rayan Afraz, a Tehran-based IT company with ties to the Islamic Revolutionary Guard Corps. Facebook also notified law enforcement about the hacking group, as well as the fewer than 200 individuals affected, Dvilyanski said.

Facebook’s report came as part of its routine disclosures about governments and organizations using its network for manipulation campaigns. The Menlo Park, California-based company has been probing such efforts on its platform and attempting to remove them ever since discovering Russia’s fake account operations around the 2016 U.S. presidential elections.

©2021 Bloomberg L.P.
