Thomas Brewster of Forbes published the story of how hackers catfished a Deloitte employee.
An employee at Deloitte, one of the Big Four accounting firms, fell victim to a fake Facebook account in late 2016. The attacks, believed to have been perpetrated by Iranian government spies, occurred around the same time as a separate hack, which affected Deloitte’s data.
Mia Ash is a fictional woman created by the hacker crew known as OilRig, which cybersecurity firm SecureWorks believes is sponsored by the Iranian regime. In July 2016, Mia’s controllers targeted a Deloitte cybersecurity employee, engaging him through the social network in conversations about his job. As the online relationship grew, the employee offered to help his new friend Mia set up a website for her alleged business. Eventually, the controller behind Mia exploited the positive rapport to convince the Deloitte employee to open a malicious document sent by Mia on his work computer. Though it’s not believed that particular malware infected the wider company network, according to the sources, it illustrated the ability of the controllers to gain the employee’s trust.
The Mia Ash persona was built on the photos and profile information of a real woman from Romania, Cristina Mattei. With alluring images and active avatars across Facebook, WhatsApp and LinkedIn, Mia was a convincing fraud, described previously by SecureWorks cybersecurity researcher Allison Wikoff as one of the most developed fake personas she’d ever seen.
Mia was convincing enough to gain the internet friendship of the cybersecurity professional and, after sending messages for months, convinced him to open a file, supposedly containing some of her photos, on a work laptop. Fortunately for Deloitte, the malware inside (a tool dubbed PupyRat, designed to pilfer credentials for corporate systems) didn’t make it onto the company network.
To Deloitte’s credit, its cybersecurity protections prevented the malware from reaching its network.
An attack like this takes a lot of time to prepare and execute, and the attacker must believe there is something of sufficient value to be gained to make all that effort worthwhile.