iSIGHT Partners has discovered a long-running cyberespionage operation in which Iranians are creating fake personas on popular social network sites.  The attackers use the fake personas to create trusted relationships with intended victims.

iran flag

 

iSIGHT elaborates:

iSIGHT has recently uncovered activity, which we call NEWSCASTER, that has quietly carried out cyber espionage since 2011, while eschewing methods preferred by many of its peers. NEWSCASTER is distinctive for its reliance on social networks, and the intricate network of false personas that exists on several of these platforms. Most notably, several of these personas are legitimized by a front news organization called NewsOnAir.org.

These are some of the impersonations used in the NEWSCASTER attacks:

Fake Accounts Used by Iranian Attackers

Having established a trusted relationship, the next step is to abuse that trust by sending a spearphishing email that delivers an exploit . Whom do you trust? As NEWSCASTER demonstrates, letting users decide is dangerous. Using SP Guard, IT can determine a list of trusted senders and provide this information to staff in a simple and highly effective manner.

You can contact us at  408-727-6342,ext 3 or use our online form.