TA456 hackers built an elaborate online profile to fool their targets into downloading malware

Iranian hackers spent 18 months masquerading as an aerobics instructor in a cyber-espionage campaign designed to infect employees and contractors working in defence and aerospace with malware in order to steal usernames, passwords and other information which could be exploited.

Active since at least 2019, the campaign used Facebook, Instagram and emails to pose as the fake persona “Marcella Flores”. The attackers could spend months building up a rapport with targets via messages and emails before distributing malware after the trust was gained.

The campaign has been detailed by cybersecurity researchers at Proofpoint who’ve linked it to TA456, also known as Tortoiseshell — a state-backed Iranian hacking group with ties to the Islamic Revolutionary Guard Corps (IRGC) branch of the Iranian military.

Read more…
Source: ZDNet