Facebook closed an online cyber espionage campaign Thursday that was used by Iranian hackers targeting military personnel and companies in the aerospace and defense departments. The threat actor is known as Tortoiseshell also known as Imperial Kitten. The campaign included fake websites, even a fake version of U.S department of Labor job search site. The goal of the hackers were credential theft and siphoning data from email accounts. The Tortoise shell malware was developed by Mahak Rayan Afraz which is an IT company in Tehran with ties to Revolutionary Guard Corps. There were over 200 accounts removed from Facebook that were ran by the hackers.