Hackers Target Employees By Posing as Flirty Aerobics Instructors

A hacking group aligned with Iran’s government has waged a years-long campaign to steal data from American defense contractors, even posing as a flirtatious aerobics instructor from the U.K. in an attempt to dupe an employee, according to cybersecurity researchers.

The group, known as TA456 or Tortoiseshell, has sought out smaller subsidiaries and contractors to use them as a launching pad to compromise larger defense companies through the supply chain, according to a report published Wednesday by the Sunnyvale, California-based cybersecurity firm Proofpoint Inc.

The hackers are one of the most resourceful Iran-linked hacking groups Proofpoint has tracked, due to their persistence over long periods of time and the methods they use to trick people, said Sherrod DeGrippo, Proofpoint’s senior director of threat research and detection. “This campaign demonstrates that even after an individual is targeted by a persona, it can take months or years for TA456 to attempt to deliver malware,” DeGrippo said.

The security firm declined to identify names of people or companies that had been targeted.

Iran’s Foreign Ministry didn’t respond to a message seeking comment.

The researchers found evidence that the Iranian hacker group created a persona called Marcella Flores, who posed as a glamorous aerobics instructor and university graduate from Liverpool, England. According to Proofpoint, the hackers behind the Flores account operated on Facebook and other social media websites, cultivating relationships with targeted employees before attempting to secretly compromise their computers.

In one case, between November 2020 and June 2021, the hackers used the Flores persona to send benign messages, photographs, and a coquettish video to an intended victim who worked for a subsidiary of an aerospace defense contractor. After attempting to build a trusted relationship, the Flores account sent a fake “diet survey” about eating habits that was laced with malware that could steal usernames, passwords, and other data from the infected computer. The email was signed “Marcy.”

It wasn’t clear if the hackers successfully obtained any data from the targeted aerospace employee. However, Proofpoint said its security software had blocked the hackers’ links to download the malicious files.

Both Proofpoint and Facebook concluded the Flores account was fake.

On July 15, Facebook removed the Flores account from its platform in a coordinated takedown of users linked to Iranian hacker activity. Facebook said at the time that the accounts it removed were linked to a hacking group it identified as Tortoiseshell, which had targeted military personnel and companies in the defense and aerospace industries primarily in the U.S., the U.K., and Europe. “This group used various malicious tactics to identify its targets and infect their devices with malware to enable espionage,” Facebook said in a statement.

Facebook attributed a portion of Tortoiseshell’s activity to Mahak Rayan Afraz, an Iranian IT company with alleged ties to the Islamic Revolutionary Guard Corps. The group was previously identified targeting information technology providers in Saudi Arabia “in what appear to be supply chain attacks with the end goal of compromising the IT providers’ customers,” according to a September 2019 report from the security firm Symantec.

Mahak Rayan Afraz didn’t immediately respond to a request for comment.
