Deloitte hack: Iranian hackers lured firm’s employee via Facebook ‘honey trap’

It has been revealed that Iranian hackers were behind the major data breach at Deloitte, one of the ‘big four’ accountancy firms. They pulled it off via a seriously convincing fake Facebook post. The highly active hacker crew known as OilRig, which is believed to be sponsored by the Iranian regime, created “Mia Ash”, a fictional female, to execute its plot.

The perpetrators reportedly penetrated the systems way back in July 2016 after Mia’s puppeteers targeted a Deloitte cybersecurity employee, engaging him through the social network in conversations about his job, Forbes reported. The newly found friendship between the Deloitte employee and his ‘virtual’ friend Mia Ash proved a disaster. She somehow managed to convince the Deloitte staffer to open a file purportedly containing some of her photos on a work laptop.

According to the sources, the malware illustrated the ability of the puppeteers to gain the employee’s trust. Mia Ash’s fake Facebook profile is full of alluring images and is convincing enough to gain the trust of an Asia-based cybersecurity professional. After sending messages on Facebook from July 2016 to February 2017, Mia Ash disappeared from the social networking site.

Sources revealed that the account only required a single password login that gave them “access to all areas” of Deloitte’s global email server. Earlier, Deloitte confirmed to The Guardian that only a small number of its clients had been “impacted,” but KrebsOnSecurity later reported that all its administrator accounts and internal email system were compromised.

Meanwhile, Deloitte has chosen not to comment since the incident came to light. Apparently, the Mia Ash attack is different from the one on Deloitte data hosted on Microsoft’s Azure.

James Andrew Lewis, senior vice president at the Center for Strategic and International Studies (CSIS), questioned why the Deloitte employee was targeted and whether it was because of the entities he worked with rather than his role at the consultancy.

“In a couple instances the Iranians have been really clever: they don’t go after the primary target, they go after the secondary… the Deloitte guy might have been interesting only because of who he was connected to,” said Lewis.

Facebook security chief Alex Stamos said the social network would be taking more of a manual approach to dealing with fake personas set up with malicious ends in mind.