How the hacker group TA456 used Gmail and Facebook to launch an attack

The TA456 hacker group used fictitious Gmail and Facebook accounts to compromise employees of a US defense contractor. Article by Giuseppe Gagliano.

A group of hackers used fictitious Gmail and Facebook accounts to compromise employees of a US defense contractor. A report released Monday by California-based cybersecurity firm Proofpoint identified the hackers behind the spying campaign as members of a group codenamed Threat Actor 456 (TA456).

Also known as Imperial Kitten and Tortoiseshell, TA456 is known for pursuing espionage objectives under the direction of the Iranian government. According to Proofpoint, TA456 is among the "most determined" threat actors aligned with Iran. The cybersecurity firm adds that TA456's spying activities often target Western "defense industrial base contractors" who are known to specialize in the Middle East.

TA456's most recent operation involved a fictitious online persona named "Marcella Flores", also known as "Marcy Flores", who claimed to live in the British city of Liverpool. The group used a fake Gmail account and Facebook profile to bolster the persona's credibility and to contact employees of US defense contractors. One of these employees began corresponding with Flores on Facebook towards the end of 2019.

In June 2021, after cultivating the relationship with the defense contractor employee for over a year, Flores sent the employee a link to a video file, presumably of herself. The file contained malware, known as LEMPO, designed to search targeted computers and provide the hacker with copies of files found on the penetrated systems.

Facebook is apparently aware of TA456's spying campaign. Last month, the social media company said it took action "against a group of hackers in Iran [in order] to disrupt their ability to use their infrastructure to abuse [Facebook's] platform, distribute malware and conduct spying operations on the Internet, mainly targeting the United States".


This is a machine translation from Italian of a post published on Start Magazine at the URL https://www.startmag.it/innovazione/come-il-gruppo-hacker-ta456-ha-sfruttato-gmail-e-facebook-per-sferrare-attacco/ on Thu, 05 Aug 2021 11:41:58 +0000.