.
.
.
.

A phish called Mia: How Iran used a fake profile to lure Mideast victims

Published: Updated:

Mia Ash is supposed to be a 30-year-old woman with a successful career as a photographer in London and has as many as 500 friends on Facebook, LinkedIn and Instagram. Most of them are reportedly men from the Middle Eastern who shower her photos with likes and comments.

But Mia Ash is not real.

Last February, SecureWorks (an Information Security Solutions‎ company) helped a Middle Eastern company with an attempted spyware infection which they assessed was initiated by COBALT GYPSY (formerly known as TG-2889), a threat group associated with Iranian government-directed cyber operations.

A phish called Mia
A phish called Mia

“SecureWorks CTU researchers assess it highly likely that the Mia Ash persona is a fake identity used to perform reconnaissance on and establish relationships with employees of targeted organizations,” a report from their website read.

The scam using Mia Ash targeted mid-level staff at Middle Eastern telecommunication, technology, aerospace and oil and gas companies with access to sensitive parts of their company’s IT operations.

It is believed that photos Iraninan hackers used belong to an actual Romanian woman they stole from social media.

A phish called Mia
A phish called Mia