Iranian State-Backed Hackers Posed s Flirty Scouser Called Marcy to Target Workers in Defence and Aerospace
28th July 2021
Using the alias Marcella Flores, the Iranians patiently built up a relationship with their targets “over years” to convince them to open malware-laden emails on useful devices – even sending a video of “herself” to sucker in her unwitting targets.
“Once the malware, which is an updated version of Liderc that Proofpoint has dubbed LEMPO, establishes persistence, it can perform reconnaissance on the infected machine, save the reconnaissance details to the host, exfiltrate sensitive information to an actor-controlled email account via SMTPS, and then cover its tracks by deleting that day’s host artifacts,” said the infosec outfit in a blog post published today.