An Iranian cyberespionage group masqueraded as an aerobics instructor on Facebook in an attempt to infect the machine of an employee of an aerospace defence contractor with malware as part of a years-long social engineering and targeted malware campaign.
Enterprise security firm Proofpoint attributed the covert operation to a state-aligned threat actor that it tracks as TA456 and that the wider cybersecurity community tracks under the monikers Tortoiseshell and Imperial Kitten.
“Using the social media persona ‘Marcella Flores,’ TA456 built a relationship across corporate and personal communication platforms with an employee of a small subsidiary of an aerospace defence contractor,” Proofpoint said in a report shared with The Hacker News. “In early June 2021, the threat actor attempted to capitalize on this relationship by sending the target malware via an ongoing email communication chain.”