Firm Says Tehran-Linked Hackers Used Fake Female Profile To Lure Men

A cybersecurity firm says hackers working for the Iranian government have impersonated a young female photographer on social media to lure men working in key industries of Tehran’s regional rivals.

Dell SecureWorks on July 27 said its research showed Iran engaged in a campaign to trap targets in a so-called "honey pot," an espionage tactic involving seduction and often used by criminal hackers.

It added that the “Mia Ash” identity had been active on sites -- including LinkedIn, Facebook, WhatsApp, and Blogger -- since at least April 2016. Most have since taken the profile down.

Researcher Allison Wikoff said "Mia Ash" attempted, and often succeeded, in “grooming” men working in the Middle East and Africa, most of them in the oil and gas field.

Dell SecureWorks said "Mia Ash" sent malware identified as a "photography survey" with an attachment in January.

The exact same malware was simultaneously sent by the Iranian hacking group Cobalt Gypsy during a "spear-phishing" e-mail attempt to the same potential victim's employer, it said.

The malware, known as PupyRAT, would give a hacker control of a compromised computer and provide access to an organization’s technology network, which the firm said suggested a government espionage operation.

The fake profile was of an “attractive woman in her mid-20s who lived in London and enjoyed travel, soccer, and popular musicians,” the research showed.

Dell SecureWorks said it was highly confident that Mia Ash was created and operated by Cobalt Gypsy, also known as OilRig.

Iranian officials did not immediately respond to requests for comment, Reuters news agency said.

With reporting by Reuters and Forbes