How the hacker group TA456 used Gmail and Facebook to launch an attack by Giuseppe Gagliano

The TA456 hacker group used fictitious Gmail and Facebook accounts to compromise employees of a US defense contractor. A report released Monday by the California-based cybersecurity firm Proofpoint identified the hackers behind the espionage campaign as members of a group codenamed Threat Actor 456 (TA456). Also known as Imperial Kitten and Tortoiseshell, TA456 is known for pursuing espionage objectives under the direction of the Iranian government. According to Proofpoint, TA456 is among the "most determined" threat actors aligned with Iran, and its espionage activity often targets Western "defense industrial base contractors" known to specialize in the Middle East.

TA456's most recent operation involved a fictional online persona named "Marcella Flores", also known as "Marcy Flores", who claimed to live in the British city of Liverpool. The group backed the persona with a fake Gmail account and a Facebook profile to bolster its credibility, and used them to contact employees of US defense contractors. One such employee began corresponding with "Flores" on Facebook towards the end of 2019.


In June 2021, after cultivating the relationship with the defense employee for over a year, "Flores" sent the employee a link to a video file, presumably of herself. The file carried malware, known as LEMPO, designed to search the compromised computer and send the attacker copies of the files found on it. Facebook is apparently aware of TA456's espionage campaign: last month the social media company said it had taken action "against a group of hackers in Iran [in order] to disrupt their ability to use their infrastructure to abuse [Facebook's] platform, distribute malware and conduct spying operations on the Internet, mainly targeting the United States".