BACKGROUND:

Facebook has released an intel report on Iranian threat activity. The report discloses actions the company took against a group of hackers in Iran, known as Tortoiseshell, to disrupt their ability to use their infrastructure to abuse the platform, distribute malware and conduct espionage operations across the internet, targeting primarily the United States.

Sarah Jones, Senior Principal Analyst
InfoSec Expert
July 16, 2021 11:56 am

We track most of the activity described in the Facebook article as UNC1833, a group which has historically targeted people and organizations affiliated with the U.S. military and information technology (IT) providers in the Middle East since at least 2018. Some resources used by the group are tied to other Iranian groups like APT35. Overlaps often reflect the fluid movement of Iranian personnel between companies and organizations supporting Iran’s offensive cyber program. Facebook’s description of Iranian groups which outsource all or parts of their operations to outside companies is consistent with our observations. We assess that a front company tied to the IRGC is involved in these operations.

The existence of Trump-related domains is notable, though we have no evidence that these domains were operationalized or used to target anyone affiliated with the Trump family or properties. Domains such as these could suggest social engineering associated with US political topics. In the past we have seen targeting of the US political sphere by IRGC-affiliated actors. Iran is still an aggressive cyber actor that shouldn’t be ignored. Though a lot of their activity is focused on the Middle East, they are not limited to their region.

Information Security Buzz