Jeff Seldin
15 Jul, 15 tweets, 10 min read
NEW: #Iran-based hackers known as "Tortoiseshell" targeted US military, defense companies in US, #Britain, #Europe per @Facebook

"This group used various malicious tactics to identify its targets & infect their devices with malware to enable espionage"
about.fb.com/news/2021/07/t…
"This activity had the hallmarks of a well-resourced & persistent operation, while relying on relatively strong operational security measures to hide who’s behind it" per @Facebook

#Iran hackers
.@Facebook's platform just one element in a "much broader cross-platform cyber espionage operation" by #Iran-based #Tortoiseshell

"Activity on Facebook manifested primarily in social engineering...driving people off-platform, rather than directly sharing the malware itself"
"Tortoiseshell deployed sophisticated fake online personas to contact its targets, build trust & trick them into clicking on malicious links" per @Facebook "These fictitious personas had profiles across multiple social media platforms to make them appear more credible"

re #Iran
"These accounts often posed as recruiters & employees of defense & aerospace companies from the countries their targets were in" per @Facebook "Other personas claimed to work in hospitality, medicine, journalism, NGOs & airlines"
The #Iran-based #Tortoiseshell hackers also "created a set of tailored domains designed to attract particular targets...Among them were fake recruiting websites for particular defense companies" per @Facebook
#Iran's #Tortoiseshell "used custom malware tools we believe to be unique to their operations, including full-featured remote-access trojans, device and network reconnaissance tools and keystroke loggers" per @Facebook
"A portion of their malware was developed by Mahak Rayan Afraz (MRA), an IT company in #Tehran with ties to the Islamic Revolutionary Guard Corps (#IRGC)" per @Facebook
Background from @Mandiant Threat Intelligence:

#Tortoiseshell, aka UNC1833 "has historically targeted people and organizations affiliated with the U.S. military and information technology (IT) providers in the Middle East since at least 2018" per sr principal analyst Sarah Jones
"We assess that a front company tied to #IRGC is involved in these operations" per @Mandiant's Jones

"#Iran is still an aggressive cyber actor that shouldn’t be ignored"
"The existence of #Trump related domains is notable, though we have no evidence that these domains were operationalized or used to target anyone affiliated w/the Trump family or properties" per @Mandiant's Jones
#Trump domains - #Iran/#Tortoiseshell (UNC1833):

"Domains such as these could suggest social engineering associated w/US political topics" per @Mandiant's Jones

"In the past we have seen targeting of the US political sphere by #IRGC affiliated actors"
Background on #Iran's political meddling:
voanews.com/2020-usa-votes…
Background on #Iran's political meddling:
voanews.com/usa/us-politic…
