Facebook claims to have unmasked and stopped an Iran-controlled espionage operation on its website. Around 200 accounts kept under false identities in the online network as part of this operation have been removed, as the anti-espionage boss of the online group, Mike Dvilyanski, announced on Thursday. These accounts were designed to siphon off data and information from employees in the defense and aerospace industries in the United States and Europe.
The backers used Facebook to gather information about their target persons, to lure them to websites outside of Facebook and to infect their computers with spy software. It is difficult to assess how successful this operation, called “tortoiseshell” (turtle shell), has been. Yet it had all the characteristics of a “resource-rich” campaign.
According to Dvilyanski, some of the espionage software is said to have been developed by the Mahak Rayan Afras company based in Tehran. This company has connections to the Iranian Revolutionary Guard, said the Facebook expert.
Lots of tension
Iran is repeatedly blamed for cyber attacks by American authorities and companies. Relations between the US and Iran had deteriorated significantly under former President Donald Trump. Trump got out of the international nuclear deal with Iran in 2018 and had massive sanctions imposed on the country. In response, Tehran gradually withdrew from its nuclear deal obligations.
US President Joe Biden, who has been in office since January, has been open to reviving the 2015 agreement, but negotiations are currently underway in Vienna. Biden makes a precondition, however, that Tehran fully complies with its obligations under the nuclear agreement. Iran, in turn, makes a new version of the agreement a condition that the US sanctions are lifted.