Iranian hackers posed for years as a glamorous Liverpool-based aerobics instructor in a bid to penetrate a US aerospace defence company.
In an astonishing real-life espionage plot, the hackers used the name Marcella Flores in their attempts to spike the system with viruses.
“Marcella”, a persona run by hackers secretly working for Iran and tracked as TA456, flirted and sent pictures to an employee to persuade them she was genuine, it is reported.
Then in June this year the hackers spiked the person’s social media system with a virus which then filtered into his or her company IT devices in a bid to spy on the firm.
It was a malware attack using the virus Liderc.
The sophisticated virus is capable of spying, gathering information such as usernames and passwords, and then exiting the system loaded with data while erasing its tracks.
The plot has been uncovered by Proofpoint, a California-based security and tech company which specialises in email and cyber security, and in particular social media.
“Marcella”, who called herself Marcy, sent flirty emails, photos and even a video to the unwitting employee going back to 2019.
The bogus Facebook profile went back to May 30, 2018 and claimed she worked at the Harbour Health Club in Liverpool and had studied at the University of Liverpool.
After attempting to gain the target’s trust, the hackers sent a fake survey about pandemic diets and eating habits, which was laced with malware.
The email was signed “Marcy”.
Proofpoint said Facebook had disrupted a network of similar personas thought to be controlled by the hackers.
It said the hackers are believed to be “loosely aligned” to the Islamic Revolutionary Guard Corps (IRGC) via the Tehran-based IT company Mahak Rayan Afraz, according to Facebook’s analysis.
In a blog post, Proofpoint wrote that its researchers “have identified a years-long social engineering and targeted malware campaign by the Iranian-state aligned threat actor TA456”.
TA456 is known by other aliases including Tortoiseshell and Imperial Kitten.