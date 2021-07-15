James Martin/CNET

Facebook said Thursday it disrupted a group of hackers in Iran that targeted military and defense and aerospace companies mainly in the US.

The group, known as Tortoishell, used different tactics including setting up fake job recruiting sites as part of an effort to infect the devices of their victims with malware to enable espionage, Facebook said. The hackers also targeted people in the UK and Europe, the social network said.

Facebook said the hackers tried to direct people to other websites, email or messaging services.

"Our platform was one of the elements of the much broader cross-platform cyber espionage operation, and its activity on Facebook manifested primarily in social engineering and driving people off-platform, rather than directly sharing of the malware itself," Facebook's Mike Dvilyanski, who heads cyber espionage investigations, and David Agranovich, director of threat disruption, said in a blog post.

Using fake personas, the hackers posed as posed as recruiters and employees of defense and aerospace companies. They also claimed to work in other industries such as medicine, journalism and airlines. Hackers also imitated a US Department of Labor job search site in what Facebook said appeared to be an effort to steal login information to the victims' online accounts including on social media and their corporate emails.

The hackers also shared links to malicious Microsoft Excel spreadsheets and various malware tools remote-access trojans and keystroke loggers, which tracks what a person types. Facebook said it found that some of the malware was developed by an Iranian IT company known as Mahak Rayan Afraz with ties to the Islamic Revolutionary Guard Corps.