Iranian hackers target Deloitte’s cybersecurity employee

As America frets over Russians running rampant on Facebook, other adversaries have been exploiting the social network as a way into some of the world’s biggest businesses.
A team of Iranian hackers used Facebook to target Deloitte, one of the Big Four accounting firms.
An employee at Deloitte fell victim to a fake Facebook account in October 2016, the same time the firm’s email server was compromised which affected Deloitte data in Microsoft’s Azure cloud-hosting service. Hackers may have accessed personal details of the company’s countless blue-chip clients.
Cybersecurity firm SecureWorks believes that the attacks were believed to have been perpetrated by Iranian government spies. The hacking group known as OilRig, which as Forbes pointed out in July were believed to have been working for the Iranian Regime, created a fake Facebook profile for a beautiful, charming woman using the name Mia Ash.
In July 2016, Mia’s puppeteers targeted a Deloitte cybersecurity employee who used to assist clients with their digital defences, but it’s startling that he himself fell victim to the attack. The hackers engaged him through the social network in conversations about his job, Forbes learned from sources with direct knowledge of the attack. As the online relationship grew, the employee offered to help his new friend Mia set up a website for her alleged business. Eventually, the entity behind Mia exploited the positive rapport to convince the Deloitte employee to open a malicious document sent by Mia on his work computer. Though it’s not believed that particular malware infected the wider company network, according to the sources, it illustrated the ability of the puppeteers to gain the employee’s trust.
Despite providing cybersecurity advice to the world’s largest corporations, banks and government agencies, Deloitte was unable to evade a cyber attack that compromised confidential information relating to its clients. The attack was uncovered in March but due to the highly sensitive nature of the breach, only a select number of Deloitte’s lawyers and partners were made aware that it had even occurred. So far, investigators think that hackers entered Deloitte’s global email server through an administrator’s account, which will have potentially given them unlimited access to 5 million emails to and from the firm’s 244,000 staff. It is unknown how much information was taken, but six of Deloitte’s clients have so far been told that their information was “impacted” by the incident.

Leave a Reply

Your email address will not be published.