Meta, formerly the Facebook company, has removed two Iranian cyberespionage groups that were targeting academics, activists, journalists and other victims.
According to its latest Adversarial Threat report released on Thursday, the two networks were targeting people across the internet to collect intelligence, manipulate them into revealing information, and compromise their devices and accounts.
The first network was linked to a group of hackers known in the security industry as UNC788. The network is Iran’s decade-long campaign of credential harvesting and surveillance operations that is possibly sponsored by Revolutionary Guard (IRGC). It targets Iranian diaspora, dissidents and human rights activists from Israel and Iran, Iran-focused academics, politicians in the US, people in the Middle East including the Saudi military, and journalists around the world.
The other group is a separate newly identified cyberespionage network that was targeting companies in the energy, telecommunications, maritime logistics, semiconductor, and information technology in several countries, including the United States, Israel, Saudi Arabia, UAE, Russia, Canada, and others.
The previously unreported hacking group relied on phishing and extensive social engineering tactics to impersonate the domains of legitimate companies and used a complex network of fake personas across Facebook, Telegram, and other platforms along with a network of fake recruiting firms.
Both groups used unique malware applications disguised as a VPN app, a salary calculator, an audio book reader, a chat app, a birthday calendar app, or a Quran app.