BACKGROUND:

Facebook has released an intel report on Iranian threat activity. The report discloses actions the company took against a group of hackers in Iran, known as Tortoiseshell, to disrupt their ability to use their infrastructure to abuse the platform, distribute malware and conduct espionage operations across the internet, targeting primarily the United States.

Expert Comments

July 16, 2021
Sarah Jones
Senior Principal Analyst
Mandiant Threat Intelligence


We track most of the activity described in the Facebook article as UNC1833, a group which has historically targeted people and organizations affiliated with the U.S. military and information technology (IT) providers in the Middle East since at least 2018. Some resources used by the group are tied to other Iranian groups like APT35. Overlaps often reflect the fluid movement of Iranian personnel between companies and organizations supporting Iran's offensive cyber program. Facebook’s description of Iranian groups which outsource all or parts of their operations to outside companies is consistent with our observations. We assess that a front company tied to IRGC is involved in these operations.

The existence of Trump-related domains is notable, though we have no evidence that these domains were operationalized or used to target anyone affiliated with the Trump family or properties. Domains such as these could suggest social engineering associated with U.S. political topics. In the past we have seen targeting of the U.S. political sphere by IRGC-affiliated actors. Iran is still an aggressive cyber actor that shouldn’t be ignored. Though a lot of their activity is focused on the Middle East, they are not limited to their region.
