Iranian APT Lures Defense Contractor in Catfishing-Malware Scam
2021-08-03 20:16

In a new report, Proofpoint details how the group TA456, associated with the Iranian Revolutionary Guard, invested years in developing the false profile of a fantasy woman named Marcella Flores, an impossibly shiny-haired aerobics instructor from the U.K., to reel in unsuspecting targets.

Starting about eight months ago, Proofpoint found TA456 used the Marcella Flores profile to slowly build a relationship with someone who worked for a subsidiary of an aerospace defense contractor in the U.S. Over the months, Marcella shared many emails, pictures and even a video to build trust.

"Designed to conduct reconnaissance on the target's machine, the macro-laden document contained personalized content and demonstrated the importance TA456 placed on the target," Proofpoint's report said, adding the malware is a new iteration of the Liderc malware, which Proofpoint calls Lempo.

Proofpoint's Sherrod DeGrippo told Threatpost the fake "Marcella" profile they found was also connected on social media with others who publicly identify themselves as employees of defense contractors.

"TA456 has demonstrated themselves as one of the most resourceful Iranian-aligned threats tracked by Proofpoint. More broadly, Iranian cyber-espionage groups continue to have success with extensive social-engineering targets."

Besides general cybersecurity hygiene and awareness training, DeGrippo advises those who work in sensitive industries - like aerospace and defense - to avoid sharing too much personal information on social media, which could ultimately be used by threat actors to build a detailed personal profile on you for abuse.


News URL

https://threatpost.com/iranian-apt-defense-contractor-catfish/168332/