Friday, May 30, 2014

NEWSCASTER: Iran Attacks Social Media


The Iranian state targeted the public and private sectors in the US, Israel, the UK and beyond using social media.

Iranian hackers use more than ten fake identities on social networking sites (Facebook, Twitter, LinkedIn, Google+, YouTube, Blogger) in a coordinated, long-term cyber espionage campaign. At least 2,000 people are caught in the snare and are connected to the false identities.

This campaign has been operating undetected since 2011. It targets senior American military and diplomatic personnel, congressional personnel, Washington DC journalists, US think tanks, defense contractors in the US and Israel, and others who are vocal supporters of Israel, with the aim of covertly obtaining log-in credentials to the email systems of these victims. It also targeted additional victims in the UK as well as Saudi Arabia and Iraq.

The targeting, operational schedule and infrastructure used in this campaign are consistent with Iranian origins.
The fake identities claim to work in journalism, government and defense contracting. These accounts are elaborate and build credibility using, among other tactics, a fictitious journalism website, newsonair.org, that copies news content from other media outlets.

These credible identities then connected, linked, followed and friended target victims to get access to information on location, activities and relationships from updates and other common content.

These identities then targeted accounts with spear-phishing messages. Links that appeared to be legitimate asked recipients to log in to false pages, which captured their credential information. It is not clear at this time how many credentials the attack has captured so far.

Additionally, this campaign is linked to malware. While the malware is not very sophisticated, it includes capability that can be used for data exfiltration.
The discovery and investigation of the attack reveal three critical insights:
  1. Social media offers a powerful and hidden route to target key government and industry leadership through an external base possibly outside of existing security measures.
  2. Given the targeting associated with this campaign, it is possible that Iranian hackers used access gained through these activities to support the development of weapon systems, reveal the disposition of the US military or the US alliance with Israel, or give an advantage in negotiations between Iran and the US. Furthermore, it is possible that any access or knowledge could be used as reconnaissance-for-attack before disruptive or destructive activities.
  3. These adversaries are improving at finding and exploiting opportunities to carry out cyber espionage, even if they lack sophisticated capability. NEWSCASTER’s success is largely due to patience, a brazen nature and innovative use of multiple social media platforms.

It seems that the NEWSCASTER network mainly targets senior military personnel and policymakers, companies associated with defense technology, and the US-Israel lobby. However, there are also victims in the financial and energy sectors as well as elsewhere, and only a part of the accounts connected to this network have been seen. Organizations that are involved in critical infrastructure, or that have information that may be of strategic or tactical interest to a nation-state adversary, should be concerned about a threat such as this.
