Iranian hackers used Gmail, Facebook, to spy on US aerospace contractor

A GROUP OF HACKERS, who are known to operate under the direction of the Iranian government, used fictitious Gmail and Facebook accounts to compromise employees of a United States defense contractor. A report issued on Monday by the California-based cybersecurity company Proofpoint identified the hackers behind the espionage campaign as members of a group codenamed Threat Actor 456 (TA456).

Known also as Imperial Kitten and Tortoiseshell, TA456 has a history of pursuing espionage targets at the direction of the Iranian government. According to Proofpoint, TA456 is among “the most determined” Iranian-aligned threat actors. The cybersecurity firm adds that the espionage activities of TA456 often target Western “defense industrial base contractors” that are known to specialize in the Middle East.

The most recent operation by TA456 involved a fictitious online personality that went by the name “Marcella Flores”, also known as “Marcy Flores”, who claimed to live in the British city of Liverpool. The group used a Gmail account and a fake Facebook profile to reinforce the fictitious profile’s credibility, and to approach employees of United States defense contractors. One such employee began corresponding with Flores on Facebook toward the end of 2019.

In June 2021, after having cultivated the relationship with the defense employee for over a year, Flores sent the employee a link to a video file, purportedly of herself. The file contained malware known as LEMPO, which is designed to search targeted computers and provide the hackers with copies of files found on penetrated systems.

Facebook is apparently aware of the espionage campaign by TA456. Last month, the social media company said it had taken action “against a group of hackers in Iran [in order] to disrupt their ability to use their infrastructure to abuse [Facebook’s] platform, distribute malware and conduct espionage operations across the internet, targeting primarily the United States”.

Author: Joseph Fitsanakis | Date: 03 August 2021 | Permalink

News you may have missed #810 (Petraeus resignation edition)

By JOSEPH FITSANAKIS | intelNews.org
►►How did Petraeus’ affair come to light? CIA Director David Petraeus resigned after a probe into whether someone else was using his email. The probe eventually led to the discovery that he was having an extramarital affair, according to The Wall Street Journal, which cites “several people briefed on the matter”. An FBI inquiry into the use of Petraeus’s Gmail account led agents to believe the woman or someone close to her had sought access to his email. An extramarital affair has significant implications for an official in a highly sensitive post, such as that held by Petraeus, because it can open an official to blackmail.
►►Who did Petraeus have an affair with? The woman with whom General David Petraeus was having an affair is Paula Broadwell, a West Point graduate and the author of a recent hagiographic book about him, entitled All In: The Education of General David Petraeus, co-written with Vernon Loeb. Slate’s Fred Kaplan reports that “it had long been rumored that something was going on between Petraeus and Broadwell. When she was embedded with him in Afghanistan, they went on frequent 5-mile runs together. But Petraeus went on 5-mile runs with many reporters, and few people who knew him took the rumors seriously”.
►►Who is leading the CIA now? With General David Petraeus stepping down as director of the CIA, following reports of an extra-marital affair, the agency’s current deputy director will take over as director on an interim basis. His name is Michael Morell, and he was a senior CIA aide in the White House to President George W. Bush. Morell had served as deputy director since May 2010, after holding a number of senior roles, including director for the agency’s analytical arm, which helps feed intelligence into the President’s Daily Brief. He also worked as an aide to former CIA Director George Tenet.

News you may have missed #703: US edition

By IAN ALLEN | intelNews.org
►►NSA pressed to reveal details on Google deal. The Electronic Privacy Information Center is locking horns with the National Security Agency over a secret deal the agency cut with Google following an attack on Gmail by Chinese hackers in 2010. The information center has filed a Freedom of Information Act request with the NSA to obtain information about the deal. That request was rejected by a federal court and an appeal process continues.
►►US spy agencies can keep data on Americans longer. Until now, the US National Counterterrorism Center had to immediately destroy information about Americans that was already stored in other government databases when there were no clear ties to terrorism. But it will now be able to store information about Americans with no ties to terrorism for up to five years under new Obama administration guidelines. The new rules replace guidelines issued in 2008 and have privacy advocates concerned about the potential for data-mining information on innocent Americans.
►►Islam convert leads CIA’s Counterterrorism Center. Roger, which is the first name of his cover identity, has been chief of the CIA’s Counterterrorism Center for the past six years. Colleagues describe Roger as a collection of contradictions. A chain-smoker who spends countless hours on a treadmill. Notoriously surly yet able to win over enough support from subordinates and bosses to hold on to his job. He presides over a campaign that has killed thousands of Islamist militants and angered millions of Muslims, but he is himself a convert to Islam. His defenders don’t even try to make him sound likable. Instead, they emphasize his operational talents, encyclopedic understanding of the enemy and tireless work ethic.

News you may have missed #495