"Unique Iran-Based Threats Target Defense and Healthcare"

Early in November 2022, the Department of Health and Human Services' Health Sector Cybersecurity Coordinating Center released a security brief detailing how Tehran-backed actors have attacked healthcare, defense, and other sectors. One incident involved a campaign by the Tortoiseshell threat group, which compromised Facebook users by impersonating recruiters for the medical field, journalism, and other occupations. Their efforts led people in the US and Europe to download malware-infected files. Other schemes tricked victims into entering credentials on fake websites. Iran-based threat groups are not known for their technical expertise, but their social engineering tactics enable them to conduct successful attacks. Facebook released a report in 2021 on its part in dismantling the Iranian Tortoiseshell group. Previously, the actors focused on the Middle Eastern Information Technology (IT) industry. The group then expanded to other regions and industries. Facebook determined that the Tortoiseshell group had largely targeted the defense and aerospace industries in the US and the UK. Tortoiseshell used Facebook as part of a larger cross-platform espionage campaign. In addition, the group deployed malware payloads via email, messaging platforms, and phishing websites. This article continues to discuss the Tortoiseshell group's tactics, techniques, and procedures (TTPs).

Security Intelligence reports "Unique Iran-Based Threats Target Defense and Healthcare"
