Facebook disrupts Iran-based espionage operation

Social media network says the Iran-based espionage operation targeted defense and aerospace workers in Europe and the United States.

Arutz Sheva Staff ,


Facebook on Thursday said it disrupted an Iran-based espionage operation targeting defense and aerospace workers in Europe and the United States, AFP reports.

Fake accounts posing as company job recruiters or employees were used to dupe targets, the company’s head of cyber espionage investigations, Mike Dvilyanski, said in a telephone briefing.

"This effort was highly targeted," Dvilyanski said, adding, "It is hard for us to know how successful this campaign was, but it had all the hallmarks of a well-resourced operation."

Some of the malicious code used in the cyber spying campaign was developed by Mahak Rayan Afraz tech company in Tehran with ties to Islamic Revolutionary Guard Corps, according to Dvilyanski.

Facebook took down 200 accounts it said were used to dupe defense or aerospace industry workers into connecting outside the social network, say by email or at bogus job websites.

The group referred to as "Tortoiseshell" had focused its activities in the Middle East until last year, when it took aim primarily at the United States, Dvilyanski said.

Malware slipped onto devices of victims was designed to glean information including log-in credentials to email or social media, he added.

Facebook said it appeared fewer than 200 users may have fallen for the ruse, and that those people have been notified of the deception.

The company blocked some of the booby-trapped website links from being shared at the social network, according to executives.

Facebook’s announcement comes two days after the US Justice Department revealed that charges were laid against four Iranian intelligence agents and a co-conspirator living in the US who allegedly plotted to kidnap a journalist who was critical of the Iranian regime.