Facebook teams routinely disrupt a wide range of threats including cyber espionage campaigns, influence operations and hacking of their platform by nation-state actors and other groups.
Facebook today shared details of recent actions taken against a group of hackers in Iran, known in the security industry as, Tortoiseshell, who had abused Facebook to distribute malware and conduct espionage operations across the internet, targeting primarily the Unites States.
Previously, Tortoiseshell had mainly focussed on the information technology industry in the Middle East.
Facebook investigations found that this group had used malicious tactics to identify its targets and infect their devices with malware to enable espionage to other regions and industries, including military personnel and companies in the defence and aerospace industries primarily in the US, but also in the UK and Europe.
Although Facebook was used for these nefarious operations, it was a much broader cross-platform cyber espionage operation which used social engineering and driving people off platform rather than directly sharing the malware.
Facebook identified tactics, techniques and procedures (TTPs) used by this threat actor including, Social Engineering, Phishing and Credential Theft, Malware, and Outsourcing Malware Development.
Facebook shared their findings with the industry, and blocked malicious domains from being shared on their platform, took down accounts and notified people believed to have been targeted by this threat actor.
For a full list of Threat Indicator Domains, and to read the full story, click here.