The faked persona, operating on Facebook and other social media sites, cultivated relationships with target defence employees

From Marcy with love: How Iranian hackers set English honey trap for US defence workers


Simon Rushton

Iranian hackers posed online as an aerobics instructor from England during a years-long operation to lure workers with US defence companies into divulging sensitive information, cyber security analysts say.

The group, known as TA456 or Tortoiseshell, sought out staff in subsidiaries and contractors in an effort to use them as a way to compromise larger companies in the supply chain, analysts at Proofpoint said.

One of the fake identities was Marcella Flores, who appeared to be a glamorous aerobics instructor and university graduate from Liverpool in north-west England.

The persona, operating on Facebook, Instagram and other social media sites, cultivated relationships with target employees before attempting to secretly compromise their computers, according to Proofpoint.

The Flores Facebook profile included a phrase in Spanish beneath "her" photo: “When the melody sounds, the footsteps start moving, the heart sings and the spirit starts dancing.”

Between November 2020 and June, the hackers used the Flores persona to send benign messages, photographs and a coquettish video to an intended victim who worked for a subsidiary of an aerospace contractor.

After attempting to build a trust relationship, the Flores account sent a fake survey about eating habits that was laced with malware that could steal usernames, passwords and other data from the infected computer. The email was signed "Marcy".

It was not clear if the hackers, believed to be aligned with the Islamic Revolutionary Guard Corps, successfully obtained data from their target.

“TA456's years-long dedication to significant social engineering, benign reconnaissance of targets before deploying malware, and their cross-platform kill chain makes them a very resourceful threat and signifies that they must be experiencing success in gaining information that meets their operational goals,” said Sherrod DeGrippo, senior director of threat research and detection at Proofpoint.

Proofpoint researchers said the Flores account was unlikely to be the only one used by the hackers.

This month, Proofpoint also exposed an Iranian group that masqueraded as a British-based academic during a cyber espionage campaign and compromised a website belonging to the School of Oriental and African Studies, University of London.

The Tortoiseshell hackers are among the most resourceful Iran-linked groups operating because of their patience and ingenuity, Ms DeGrippo said.

“This campaign demonstrates that even after an individual is targeted by a persona, it can take months or years for TA456 to attempt to deliver malware.

“Malicious actors will often utilise publicly available information about a target to build up a picture of their role, connections, access to information, and vulnerability to attacks. Oversharing on social media is a particularly risky behaviour in sensitive industries, so organisations should ensure employees are properly and frequently trained in security awareness,” she said.

Proofpoint and Facebook concluded the Flores account was bogus.

On July 15, Facebook removed it in a takedown of users suspected of Iranian hacker activity.

Facebook said the accounts it removed were linked to a hacking group it identified as Tortoiseshell, which went after military personnel and companies in the defence and aerospace industries primarily in the US, UK and continental Europe.

“This group used various malicious tactics to identify its targets and infect their devices with malware to enable espionage,” Facebook said.

The names of the people and companies who became targets have not been revealed.


Updated: July 29, 2021, 11:07 AM