(Reuters) – Facebook said on Thursday that it had taken down about 200 accounts run by a group of hackers in Iran as part of a cyber espionage operation aimed primarily at US military personnel and people working in defense and space companies. The social media giant said that the group, which was called 'Tortoiseshell' by security experts, used fake online personas to connect to targets, build trust, sometimes for months, and drive them to other websites where they were tricked into clicking malicious links that would infect their devices with spyware.
"This activity had the characteristics of a good resource and sustained operation, while relying on relatively strong operational security measures to hide who is behind it," Facebook's investigation team said in a blog post.
The group, Facebook said, made fictitious profiles across several social media platforms to appear more credible, often posing as recruiters or employees in space and defense companies.
Microsoft-owned LinkedIn said it had deleted a number of accounts and Twitter said it "actively investigated" the information in Facebook's report.
Facebook said the group used email, messaging and collaboration services to distribute malware, including via malicious Microsoft Excel spreadsheets. A Microsoft spokesman said in a statement that it was aware of and tracked this actor and that it takes action when it detects malicious activity.
Alphabet Inc's Google said it had detected and blocked phishing on Gmail and issued alerts to its users. The workplace messaging app Slack Technologies Inc. said it had acted to take down hackers who used the social technology site and shut down any workspaces that violated its rules.
The hackers also used custom domains to attract their targets, Facebook said, including fake defense company recruitment sites, and created online infrastructure that spoofed a legitimate U.S. Department of Labor job search site.
Facebook said that the hackers mostly targeted people in the United States, as well as some in the United Kingdom and Europe, in a campaign that has been going on since mid-2020. It declined to name the companies whose employees were targeted, but the head of cyber espionage, Mike Dvilyanski, said it notified the "fewer than 200 individuals" targeted.