Iranian hackers conducted 3 year campaign trying to spy on US leaders over Facebook

'Elaborate' campaign targeted politicians and military personnel to trick them into giving up log-in credentials and downloading malware

Iranian hackers created a fake news website and a string of fake Facebook profiles as part of a three-year campaign to spy on US politicians and military officers, a new report has claimed.

Security firm iSight Partners say that fake social media personas were created by the hackers with complex backgrounds. These were used to contact targets, sending them legitimate content before trying to gain access to government and corporate networks through the use of malware.

The hackers also "intimated their interest in specific defence technology, as well as military and diplomat information by their targeting" said the company.

The operation’s targets reportedly included ambassadors, a four-star Navy admiral and lawmakers, and personnel from countries including Britain, Syria, Iraq and Afghanistan.

iSight has not disclosed the identity of any victims nor if any data has been stolen, although the firm’s executive vice president Tiffany Jones said “if it's been going on for so long, clearly they have had success.”

As part of the campaign the hackers set up a fake news site called which republished articles from the BBC, Reuters and the Associated Press under the names of six fake journalists.

A screenshot of the fake news site. Credit: iSight

These personas – along with eight faked defence contractors – were given profiles on Facebook and other social media networks that were then used to contact targets in the US and other countries.

iSight said that this type of “social engineering” campaign was the most elaborate by any nation to be uncovered to date and that the perpetrators wanted to stay “under the radar.”

“This campaign is not loud. It is low and slow," said Jones. "They want to be stealth.”

To build credibility the fake personas attempted to befriend victims’ friends, colleagues, relatives and classmates, and would initiate contact by sharing legitimate content before sending links containing malware or requesting network credentials.

iSight said that it has alerted the FBI as well as overseas authorities and some victims. The FBI has not issued a statement on the report, although Facebook have said that they discovered the hacking group while investigating suspicious activity on the site.

A Facebook spokesperson told Reuters: “We removed all of the offending profiles we found to be associated with the fake NewsOnAir organization and we have used this case to further refine our systems that catch fake accounts.”

Earlier this month another US cyber security firm FireEye said that it had detected new activity from a hacking group believed to be operating out of Iran named the Ajax Security Team (AST).

FireEye said that the AST had been targeting defence organizations by coding their own malware, describing the move as “an evolution” for the country as it seeks better control political dissent and expand its “offensive cyber capacities.”