Skip to content ↓ | Skip to navigation ↓

The Federal Bureau of Investigation released a flash notification to federal agencies warning that dozens of bogus personas on social networking platforms have been targeting federal employees in spear-phishing operations for several years.

“The FBI and NCIS believe a group of cyber actors have been using various social networking sites to conduct spear phishing activities since at least 2011,” the notification states. “FBI and NCIS investigation to date has uncovered 56 unique Facebook personas, 16 domains, and a group of IP addresses associated with these actors.

FBI said the operation is typical of most phishing operations, where the attackers attempt to gain the confidence of targets in critical agencies or their contractors in an effort to coax them to click on malicious links or open tainted email attachments that would infect the target’s systems with malware, and could put federal networks at risk.

“These personas typically would attempt to befriend specific types of individuals such as government, military, or cleared defense contractor personnel,” the advisory continued. “After establishing an online friendship the actor would send a malicious link (usually through one of the associated domains) to the victim, either through email or in a chat on the social networking site eventually compromising the target’s computer.”

The more than four-dozen personas the FBI singled out in the notification were detected on Facebook, but the agency believes many also are present on other social media platforms, as well as developing numerous malicious websites employed in the operation.

“While this FLASH specifically deals with Facebook personas, it is believed that many of these personas also maintain a presence on other social networking sites such as LinkedIn, Google +, and Twitter which are just as malicious,” the alert said.

“This group of cyber actors also has created and maintained multiple malicious Web sites, often spoofing a legitimate Web site and implanting malicious links into the actor’s version of the Web site.”

Read More Here (PDF)…