Rating and reviews of the top programs that enable you to track all the users’ activity on computers, Android cell phones, and smartphones from anywhere


A friend of yours may be the attacker: Iranian hackers spent 18 months building trust with their future victims

If you deal with confidential information, you should be extremely vigilant at all times, not just in the workplace. Patient attackers can court you for years, gaining your confidence and lulling your vigilance, until one day you open an attached file in a message from someone you think you know.

For more than a year and a half, Iranian hackers from the TA456 group (also known as Tortoiseshell and Imperial Kitten) communicated with their potential victims on Facebook before launching their targeted attack. The hackers posed as an aerobics instructor named Marcella Flores, Proofpoint reports. The Facebook and Instagram profiles belonging to this fake persona were created in 2019, while the attack itself took place only in early 2021.

The attackers’ goal was to infect the machines of employees of US aerospace and defense contractors, especially those involved in operations in the Middle East.

The attackers used the Gmail account of “Flores” to deliver an updated version of the Liderc malware, which Proofpoint researchers dubbed Lempo, to victims’ computers. One more e-mail in the long-running correspondence was sent from the “Flores” mailbox, but this time it contained OneDrive links leading to a malware-laden video file or a document containing a survey about dieting.

Once inside the system, Lempo quietly establishes persistence, allowing the attackers to locate and steal confidential information, including usernames and passwords. Proofpoint notes that “Marcella Flores” was just one of many fake identities created by the TA456 group. Moreover, it is impossible to say for certain whether these attacks were successful.

Experts believe that the stolen credentials could have been used by the attackers in further attacks and espionage campaigns. Stealing data from contractors could allow hackers to move up the supply chain and gain access to the networks of companies in the defense and aerospace industries.

Proofpoint experts therefore warn that everyone whose work is related to the defense industry should be vigilant when interacting with unknown persons, regardless of whether such communication takes place at work or via personal accounts.
