Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Social Networks Communications Government Privacy Security The Internet

Iranians Use 'Cute Photographer' Profile To Hack Targets In Middle East (securityledger.com) 39

chicksdaddy shares a report from The Security Ledger: Hackers working on behalf of the government of Iran are using alluring social media profiles featuring a young, English photographer to entice and then compromise the systems of high value targets in the oil and gas industry, according to a report by Dell Secureworks. In a report released on Thursday, Secureworks' Counter Threat Unit (CTU) said that it observed an extensive phishing campaign beginning in January and February 2017 that used a polished social media profile of a young, English woman using the name "Mia Ash" to conduct highly targeted spear-phishing and social engineering attacks against employees of Middle Eastern and North Africa firms in industries like telecommunications, government, defense, oil and financial services. The attacks are the work of an advanced persistent threat group dubbed COBALT GYPSY or "Oil Rig" that has been linked to other sophisticated attacks. The attacks, which spread across platforms including LinkedIn and Facebook, as well as email, were highly successful. In some cases, the attacks lasted months -- and long after the compromise of the employee -- with the targets engaged in a flirtation with a woman they believed was a young, attractive female photographer. The Mia Ash persona is a fake identity based loosely on a real person -- a Romanian photographer and student who has posted her work prolifically online. According to a report by Security Ledger, the persona was created specifically with the goal of performing reconnaissance on and establishing relationships with employees of targeted organizations. Victims were targeted with the PupyRAT Trojan, an open source, cross-platform remote access trojan (RAT) used to take control of a victim's system and harvest credentials like logins and passwords from victims, and lured with malware-laden documents such as "photography surveys" (really?). One target was even instructed to make sure to open the document from work because it will "work better," Secureworks said.
This discussion has been archived. No new comments can be posted.

Iranians Use 'Cute Photographer' Profile To Hack Targets In Middle East

Comments Filter:
  • by Anonymous Coward

    The internet - where the women are men and the kids are cops

    • by TWX ( 665546 ) on Monday July 31, 2017 @09:13PM (#54917585)

      I always heard it as, "The Internet: where the men are men, the women are men, and the children are FBI agents." I think it was making fun of Garrison Keillor's Lake Woebegon, "Where all the men are handsome, all the women are strong, and all the children are above average."

      • by Rande ( 255599 )

        My variant is "The Internet: where men are men, the women are also men and hot 14yo girls are FBI agents...and men."

    • “In those days spirits were brave, the stakes were high, men were real men, women were real women and small furry creatures from Alpha Centauri were real small furry creatures from Alpha Centauri.”

      • “In those days spirits were brave, the stakes were high, men were real men, women were real women and small furry creatures from Alpha Centauri were real small furry creatures from Alpha Centauri.”

        And people strived to split infinitives which had never been split before!

  • now THAT is the name of our new band.
  • by Anonymous Coward on Monday July 31, 2017 @09:33PM (#54917637)

    Just sayin'...

  • Go for every network all the time and then filter to try and find anything of use.
    Collect it all.
    What do nations do if that cant do that geographically network collection over decades globally?

    East Germany went for people. People in the West with isolated gov/mil jobs that wanted friends in the West. People with jobs who had gov/mil/political party access and might talk about the stress of secret work later.
    The not married secretary in Bonn on a weekend who wanted a friend to talk with.
    The other E
  • Well (Score:4, Funny)

    by burtosis ( 1124179 ) on Monday July 31, 2017 @10:10PM (#54917707)
    When you can phish the White House cyber security expert [google.com] in to doxing himself, anything seems possible.
    • by Anonymous Coward

      Where is my funny but sadly true mod!

  • Anyone still falling for this, in this day and age, should seriously be banned from ever coming within 10 feet of any computer ever again.

    Yes, that includes the ones in their car.

    • The author of the article links to a Deviantart photo as the "work prolifically online posted". Even the most cursory examination should have detected the "Cristina Matei - Selfportrait" below the photo. No "Mia Ash" here. I agree Cristina is cute though ;)

      I think Slashdot should consider banning TFA (in this context "The Fucking Author") Chicksdaddy from posting articles to Slashdot. It would improve the quality of the site.

  • I heard she married the Nigerian Prince, and they moved to Russia.

  • And ? (Score:5, Interesting)

    by aepervius ( 535155 ) on Tuesday August 01, 2017 @01:05AM (#54918087)
    Everybody and their grandma which do social engeeniring will tells you, you use social weakness to bypass the securities. Since men compose most of security teams, use of actractive women (real or just photo) makes so much sense, Do you think the US or Russia are using buff men to crack in security , using social engineering, of a mostly hetero sexual male population ? Heck I can remember an article of a woman doing security penetration testing. Her weapons ? Deep decoltée , big breast, and pumps with a hidden compartment with USB sticks, and lockpicks. I would bet it works perfectely.
    • by Shimbo ( 100005 )

      Guys are suckers for UTF-8.

    • Where I disagree is "Do you think the US or Russia are using buff men to crack in security" as sarcasm, because the answer is yes. If the targets are female, you bet they use guys who are buff to crack security. While we may not discuss a woman's promiscuity as much as men publicly, women are just as vulnerable as men in terms of exploitable sexuality and are just as likely to be promiscuous.

      The number of exploitable women just happens to be smaller than men.

      • Otherwise it might have cut short your rant if you had quoted the whole sentence : "of a mostly hetero sexual male population ". Sure they may be using buff men but in absence of knowing gender, the sure bet is big breasted woman.
  • So, if I'm reading this correctly - the real girl is on DeviantArt, while the fake girl is on Facebook.

    I didn't think anyone under 35 even knew DeviantArt existed...

  • I've pretty much been conditioned to impulsively dismiss ANYTHING that is prefaced with a pretty face or body. There have been too many times where a pretty woman said hello to me only to give me a sales pitch or a SJW pitch. Too many ads in magazines and on TV use a pretty woman to pitch their products. I was a victim of a dating scam - fake FB account with pretty pictures and all the social engineering tricks. I was married to a materialistic gold digger who only got married for the entitlements. The
  • "Secureworks' Counter Threat Unit (CTU) said that it observed an extensive phishing campaign beginning in January and February 2017 that used a polished social media profile"

    Would any of these phishing attacks if the clients were using anything other than Microsoft Windows.

Top Ten Things Overheard At The ANSI C Draft Committee Meetings: (10) Sorry, but that's too useful.

Working...