10222017Sun

Iranian Hackers Catfish a Cybersecurity Employee

Iran Focus

London, 6 Oct - A team of Iranian hackers used Facebook to target Deloitte, one of the world’s biggest accounting firms, according to Forbes.

One Deloitte employee fell victim to the scam in late 2016 at roughly the same time as a separate hack which affected Deloitte data in Microsoft's Azure cloud-hosting service.

The hacking group known as OilRig, which as Forbes pointed out in July were believed to have been working for the Iranian Regime, created a fake Facebook profile for a beautiful, charming woman using the name Mia Ash.

In July 2016, the creators of the fictitious Mia began getting a Deloitte cybersecurity employee and engaging him in conversations about his job via the website’s chat function.

As their relationship grew, the unnamed employee offered to help set Mis up with a website for her alleged business and then eventually, she convinced him to open a document containing malware on his work computer.

Though this malware did not infect the wider company network, it shows how easily the hackers were able to manipulate a security worker, who helped clients to defend themselves against similar digital attacks, and how they could do it again.

James Lewis, a former U.S. diplomat and cybersecurity expert at the Center for Strategic and International Studies, said: "This kind of thing is effective because men can't help themselves apparently."

Lewis continued by saying that we should ask why the employee was targeted and whether it was because of his job role or the company, although either option is worrying.

Lewis said: "In a couple instances the Iranians have been really clever: they don't go after the primary target, they go after the secondary... the Deloitte guy might have been interesting only because of who he was connected to."

Although OilRig doesn't do a lot of hacking outside the Middle East, this latest breach is very worrying.

Lewis said: "It's been a steady upward path for [the Regime], starting a decade ago. They test on their citizens, they practise every week against Israel. They've relationships with the Russians, Chinese and North Koreans, and in at least two of those - Russia and North Korea - we know they've exchanged tactics tools and procedures for cyber."

Mia’s profile was creates using images and information stoled from a real-life photographer, Cristina Mattei, from Romania. The hackers also created multiple social media profiles for her so that a Google search wouldn’t show up anything suspicious.

Indeed, SecureWorks cybersecurity researcher Allison Wikoff said that this was one of the most developed fake personas she'd ever seen.

Mia was also used to befriend an Asia-based cybersecurity professional at Deloitte until February 2017, when she also sent him a file- supposedly of photos of her- to open on his work laptop. Thankfully, this was caught by a malware detector.

Search

Iran: Widespread Protests of Thousands of the People, Plundered by the State Affiliated Financial

Tehran: Widespread Protests of Thousands of the People, Plundered by the State Affiliated Financial

Clashes Erupts in Western City Over killing of Porters by Iran’s Security Forces

Vienna: Iranians Rally in Support of Comprehensive Sanctions against Tehran

Iran: Guidance Patrol harasses women in public places

Iran 22 August 2017: Hundreds of retirees protest outside regime's parliament

Iran, Khuzestan Province: People Clashed With Security Forces

People Chanting Against Iran Regime During the Football Match

Iran: Murder Scene of a Poor Street Peddler by Municipality Agents

Suicide increasing in northern Iran due to crackdown and poverty

Two prisoners were hanged in Sarpol-e Zahab (western Iran)

Iran: Execution of four young men in public in Qeshm- 23 November

The untold story of the 1988 Massacre in Iran

Reyhaneh Jabbari's will Her voice recording from inside prison

Public execution in Kazerun, Iran - August 11, 2016