Slashdot Mirror

← Back to Stories (view on slashdot.org)

Iranians Use 'Cute Photographer' Profile To Hack Targets In Middle East (securityledger.com)

Posted by BeauHD on from the operating-lonely-guy dept.

chicksdaddy shares a report from The Security Ledger: Hackers working on behalf of the government of Iran are using alluring social media profiles featuring a young, English photographer to entice and then compromise the systems of high value targets in the oil and gas industry, according to a report by Dell Secureworks. In a report released on Thursday, Secureworks' Counter Threat Unit (CTU) said that it observed an extensive phishing campaign beginning in January and February 2017 that used a polished social media profile of a young, English woman using the name "Mia Ash" to conduct highly targeted spear-phishing and social engineering attacks against employees of Middle Eastern and North Africa firms in industries like telecommunications, government, defense, oil and financial services. The attacks are the work of an advanced persistent threat group dubbed COBALT GYPSY or "Oil Rig" that has been linked to other sophisticated attacks. The attacks, which spread across platforms including LinkedIn and Facebook, as well as email, were highly successful. In some cases, the attacks lasted months -- and long after the compromise of the employee -- with the targets engaged in a flirtation with a woman they believed was a young, attractive female photographer. The Mia Ash persona is a fake identity based loosely on a real person -- a Romanian photographer and student who has posted her work prolifically online. According to a report by Security Ledger, the persona was created specifically with the goal of performing reconnaissance on and establishing relationships with employees of targeted organizations. Victims were targeted with the PupyRAT Trojan, an open source, cross-platform remote access trojan (RAT) used to take control of a victim's system and harvest credentials like logins and passwords from victims, and lured with malware-laden documents such as "photography surveys" (really?). One target was even instructed to make sure to open the document from work because it will "work better," Secureworks said.

21 of 39 comments (clear)

  1. Sounds about right... by Anonymous Coward · · Score: 1

    The internet - where the women are men and the kids are cops

    1. Re: Sounds about right... by TWX · · Score: 3, Interesting

      I always heard it as, "The Internet: where the men are men, the women are men, and the children are FBI agents." I think it was making fun of Garrison Keillor's Lake Woebegon, "Where all the men are handsome, all the women are strong, and all the children are above average."

      --
      Do not look into laser with remaining eye.
    2. Re: Sounds about right... by Rande · · Score: 1

      My variant is "The Internet: where men are men, the women are also men and hot 14yo girls are FBI agents...and men."

  2. PupyRAT by turkeydance · · Score: 1

    now THAT is the name of our new band.

  3. Kiss Mia Ash by Anonymous Coward · · Score: 4, Funny

    Just sayin'...

  4. Well by burtosis · · Score: 3, Funny

    When you can phish the White House cyber security expert in to doxing himself, anything seems possible.

    1. Re:Well by Anonymous Coward · · Score: 1

      Where is my funny but sadly true mod!

  5. Still falling for this? by Todd+Knarr · · Score: 1

    Anyone still falling for this, in this day and age, should seriously be banned from ever coming within 10 feet of any computer ever again.

    Yes, that includes the ones in their car.

  6. Rumors by Tablizer · · Score: 1

    I heard she married the Nigerian Prince, and they moved to Russia.

    --
    Table-ized A.I.
  7. When the Internet was created by DontBeAMoran · · Score: 1

    “In those days spirits were brave, the stakes were high, men were real men, women were real women and small furry creatures from Alpha Centauri were real small furry creatures from Alpha Centauri.”

    --
    #DeleteFacebook
    1. Re:When the Internet was created by Big+Hairy+Ian · · Score: 1

      “In those days spirits were brave, the stakes were high, men were real men, women were real women and small furry creatures from Alpha Centauri were real small furry creatures from Alpha Centauri.”

      And people strived to split infinitives which had never been split before!

      --

      Build a Man a Fire, and He'll Be Warm for a Day. Set a Man on Fire, and He'll Be Warm for the Rest of His Life.

  8. And ? by aepervius · · Score: 4, Interesting

    Everybody and their grandma which do social engeeniring will tells you, you use social weakness to bypass the securities. Since men compose most of security teams, use of actractive women (real or just photo) makes so much sense, Do you think the US or Russia are using buff men to crack in security , using social engineering, of a mostly hetero sexual male population ? Heck I can remember an article of a woman doing security penetration testing. Her weapons ? Deep decoltée , big breast, and pumps with a hidden compartment with USB sticks, and lockpicks. I would bet it works perfectely.

    --
    C. Sagan : A demon haunted world:
    http://www.amazon.com/gp/product/0345409469/
    visit randi.org
    1. Re:And ? by Shimbo · · Score: 2

      Guys are suckers for UTF-8.

  9. Real versus fake by 93+Escort+Wagon · · Score: 1

    So, if I'm reading this correctly - the real girl is on DeviantArt, while the fake girl is on Facebook.

    I didn't think anyone under 35 even knew DeviantArt existed...

    --
    #DeleteChrome
  10. Re: Falling for the clickbait by Lonewolf666 · · Score: 1

    The author of the article links to a Deviantart photo as the "work prolifically online posted". Even the most cursory examination should have detected the "Cristina Matei - Selfportrait" below the photo. No "Mia Ash" here. I agree Cristina is cute though ;)

    I think Slashdot should consider banning TFA (in this context "The Fucking Author") Chicksdaddy from posting articles to Slashdot. It would improve the quality of the site.

    --
    C - the footgun of programming languages
  11. Re:RAT stands for.. by Maritz · · Score: 1

    Keep the change

    --
    I do not want your cheap brainburning drugs. They are useless for work. And I am a working man today.
  12. Immune to Social Engineering by AnalogDiehard · · Score: 1

    I've pretty much been conditioned to impulsively dismiss ANYTHING that is prefaced with a pretty face or body. There have been too many times where a pretty woman said hello to me only to give me a sales pitch or a SJW pitch. Too many ads in magazines and on TV use a pretty woman to pitch their products. I was a victim of a dating scam - fake FB account with pretty pictures and all the social engineering tricks. I was married to a materialistic gold digger who only got married for the entitlements. The "pretty face" social engineering tricks are evident in all the clickbait ads on news websites.

    Marketers know that pretty faces sell a product - not anymore. Show me a picture of a pretty face, and I'll gloss right past it. Pay a pretty woman to pitch a product to my face, and I'll turn and walk away. I am so tired of being manipulated.

    --
    Eternity: will that be smoking, or non-smoking? I Corinthians 6:9-10
  13. This by s.petry · · Score: 2

    Where I disagree is "Do you think the US or Russia are using buff men to crack in security" as sarcasm, because the answer is yes. If the targets are female, you bet they use guys who are buff to crack security. While we may not discuss a woman's promiscuity as much as men publicly, women are just as vulnerable as men in terms of exploitable sexuality and are just as likely to be promiscuous.

    The number of exploitable women just happens to be smaller than men.

    --

    -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

    1. Re:This by s.petry · · Score: 1

      I used the term promiscuous intentionally. Promiscuity is defined as indiscriminate mingling or association. Sexual relations is often a part of that, but not required. Flirting is often associated, but not required. Petting could be a part of it, but not required. Etc... Fantasizing in the way you describe would be covered as well. If you have a better term I could have used, feel free to let me know.

      --

      -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

  14. Alluring polished phishing campaign .. by najajomo · · Score: 1

    "Secureworks' Counter Threat Unit (CTU) said that it observed an extensive phishing campaign beginning in January and February 2017 that used a polished social media profile"

    Would any of these phishing attacks if the clients were using anything other than Microsoft Windows.

  15. Funny you cut the quote early by aepervius · · Score: 1

    Otherwise it might have cut short your rant if you had quoted the whole sentence : "of a mostly hetero sexual male population ". Sure they may be using buff men but in absence of knowing gender, the sure bet is big breasted woman.

    --
    C. Sagan : A demon haunted world:
    http://www.amazon.com/gp/product/0345409469/
    visit randi.org