An APT actor believed to be backed by the Iranian state is using an elaborate fake persona—a beautiful young woman—to lure victims on social media.
The fictional person, named Mia Ash, is a linchpin in espionage campaigns from a group known as Cobalt Gypsy, targeting several entities in the Middle East and North Africa (MENA), with a focus on Saudi Arabian organizations. The focus is on firms in telecommunications, government, defense, oil and financial services, with Cobalt Gypsy identifying individual victims through social media sites, according to Dell SecureWorks.
At the core of this is a well-established collection of fake social media profiles for Mia Ash that are intended to build trust and rapport with potential victims, while performing reconnaissance on employees of targeted organizations.
In one example of the gambit, Mia Ash (a purported London-based photographer) used LinkedIn to contact an employee at one of the targeted organizations, stating that the inquiry was part of an exercise to reach out to people around the world. Over the next several days, the individuals exchanged messages about their professions, photography and travels. Mia then encouraged the employee to add her as a friend on Facebook and continue their conversation there, noting that it was her preferred communication method. The correspondence continued via email, WhatsApp and Facebook for weeks, until Mia sent a Microsoft Excel document, Copy of Photography Survey.xlsm, to the employee's personal email account. Mia encouraged the victim to open the email at work using their corporate email account so the survey would function properly. The survey contained macros that, once enabled, downloaded PupyRAT, an open-source cross-platform remote access trojan (RAT).
Read more: Iranian Espionage Campaign Hinges on Beautiful (But Fake) Woman