Firm Says Tehran-Linked Hackers Used Fake Female Profile To Lure Men


A cybersecurity firm says hackers working for the Iranian government have impersonated a young female photographer on social media to lure men working in key industries of Tehran’s regional rivals.

Dell SecureWorks on July 27 said its research showed Iran engaged in a campaign to trap targets in a so-called "honey pot," an espionage tactic involving seduction and often used by criminal hackers.

It added that the “Mia Ash” identity had been active on sites -- including LinkedIn, Facebook, WhatsApp, and Blogger -- since at least April 2016. Most have since taken the profile down.

Researcher Allison Wikoff said "Mia Ash" attempted to “groom” men working in the Middle East and Africa, and often succeeded; most of them worked in the oil and gas field.

Dell SecureWorks said "Mia Ash" sent malware identified as a "photography survey" with an attachment in January.

The exact same malware was simultaneously sent by the Iranian hacking group Cobalt Gypsy during a "spear-phishing" e-mail attempt to the same potential victim's employer, it said.

The malware, known as PupyRAT, would give a hacker control of a compromised computer and provide access to an organization’s technology network, which the firm said suggested a government espionage operation.

The fake profile was of an “attractive woman in her mid-20s who lived in London and enjoyed travel, soccer, and popular musicians,” the research showed.

Dell SecureWorks said it was highly confident that Mia Ash was created and operated by Cobalt Gypsy, also known as OilRig.

Iranian officials did not immediately respond to requests for comment, Reuters news agency said.

With reporting by Reuters and Forbes
    RFE/RL
