APT42: Iranian Hackers At Work

Google’s Threat Analysis Group (TAG) has released details that confirm that Iranian government-backed hackers have targeted the election campaigns of the two opposing US presidential candidates Kamala Harris and Donald Trump, as well as targets in Israel.

TAG analysts have confirmed that both campaigns were implemented by state-sponsored hackers working at the direction of Iran's Revolutionary Guard Corps (IRGC). 

The principal attack method used by this group of hackers works by collecting data about targets and then creating specific phishing efforts to trick victims into revealing log-in information for their email service. TAG say the group is actively targeting campaign workers associated with the Trump and Harris presidential election campaigns.

According to Google, those targeted include current and former US government officials, as well as presidential campaign affiliates. The Trump campaign has already disclosed that its internal email communications have been breached by hackers whom they claim are under Iran's control.

Likely perpetrators include the hacker group known as APT42, which is best known for spyware, is associated with the IRGC, and is known to focus on high-profile targets. “In the past six months, the US and Israel accounted for roughly 60% of APT42’s known geographic targeting, including the likes of former senior Israeli military officials and individuals affiliated with both US presidential campaigns... These activities demonstrate the group’s aggressive, multi-pronged effort to quickly alter its operational focus in support of Iran’s political and military priorities,” says the TAG blog.

APT42 employs various tactics in its email phishing campaigns, using services like Google Sites, Dropbox, and OneDrive to host malware, phishing pages, and malicious redirects. They exploit these platforms to distribute their attacks in the form of fake links and pages, including one that falsely appeared as a petition from the Jewish Agency for Israel calling for the end of the conflict.

Google has acted to counter APT42 by resetting compromised accounts, issuing warnings, updating detection mechanisms, disrupting malicious pages, and adding harmful domains to the Safe Browsing blocklist, effectively dismantling parts of the group’s infrastructure, as well as suspending several accounts associated with APT42. TAG say this is not the first time APT42 has attempted to target the US presidential elections and that they disrupted the group’s efforts to target the Biden and Trump campaigns during 2020 as well.

According to reports, both Trump and his campaign associate, Roger Stone, have said they were contacted by Microsoft related to suspected cyber intrusions. Stone’s email was compromised by hackers targeting Trump’s campaign in 2019. Stone was later convicted and imprisoned following the Mueller investigation into election tampering.

In the current Presidential elections, Google says it has been able to successfully defend against a stream of APT42’s phishing attacks, which have targeted personal email accounts of key individuals affiliated with both Biden and Trump.

Google continue to see unsuccessful attempts by APT42 to compromise personal accounts of individuals affiliated with President Joe Biden, Vice President Harris, and former President Trump, and have alerted campaign officials about increased malicious activity and the need for strong security measures.

In the statement, Google said that APT42 is sophisticated and persistent and that they show no signs of stopping. “We took down multiple APT42-created Google Sites pages that masqueraded as a petition from the legitimate Jewish Agency for Israel calling on the Israeli government to enter into mediation to end the conflict... The text of the petition was embedded in image files instead of HTML. The Sites page included an ngrok (API Gateway) redirect URL, a free service for developers that APT42 has previously used to redirect users to phishing pages.”
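The page traits described above (a page on a shared hosting service, petition text carried in images rather than HTML, and a link out to an ngrok tunnel) can be checked together during phishing triage. The following Python is an added example, not Google's or TAG's detection logic; the hostname lists, the `min_text` threshold and the sample page are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
# Hosting services named in the article (the hostnames are this example's assumption).
HOSTING = ("sites.google.com", "dropbox.com", "onedrive.live.com", "1drv.ms")
# Assumed ngrok tunnel suffixes; extend from your own telemetry.
TUNNELS = ("ngrok.io", "ngrok.app", "ngrok.dev", "ngrok-free.app", "ngrok-free.dev")

def host_in(url, suffixes):  # True if hostname equals or is a subdomain of a suffix
    try:
        host = (urlparse(url).hostname or "").lower().rstrip(".")
    except ValueError:          # malformed URL, e.g. a broken IPv6 literal
        return False
    return any(host == s or host.endswith("." + s) for s in suffixes)

class PageFeatures(HTMLParser):  # collects links, image count, visible text length
    def __init__(self):
        super().__init__()
        self.links, self.images, self.text_chars, self._skip = [], 0, 0, 0
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag in ("script", "style"):
            self._skip += 1
        elif tag == "img":
            self.images += 1
        elif tag == "a" and attrs.get("href"):
            self.links.append(attrs["href"])
    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1
    def handle_data(self, data):
        if not self._skip:      # ignore script and style bodies
            self.text_chars += len(data.strip())

def triage(page_url, html, min_text=200):  # returns (findings, tunnel_links)
    page = PageFeatures()
    page.feed(html)
    tunnels = [u for u in page.links if host_in(u, TUNNELS)]
    findings = []
    if host_in(page_url, HOSTING):
        findings.append("hosted-on-shared-service")
    if tunnels:
        findings.append("links-to-tunnel-service")
    if page.images and page.text_chars < min_text:
        findings.append("content-in-images-not-text")
    return findings, tunnels
# Constructed sample, not a real page or indicator.
SAMPLE_URL = "https://sites.google.com/view/constructed-example"
SAMPLE_HTML = ('<body><img src="p1.png"><img src="p2.png">'
               '<a href="https://constructed-example.ngrok-free.app/sign">Sign</a></body>')
```

Each finding alone is common on legitimate pages; the combination of all three is what warrants analyst review.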

Google continues to monitor and block APT42’s attempts to compromise the personal accounts of individuals connected to presidential campaigns. The US State Department has now issued a warning about the consequences of the persistent efforts from both Russia and Iran to influence the US election through fake news and other online activity.

Groups linked to both these countries have used fake news websites and social media accounts to deliver content intended to influence US voters.

The hackers have been quick to exploit AI technology to support their operations. This week, OpenAI announced that it has closed a number of user accounts linked to what it said was an Iranian covert influence operation that leveraged ChatGPT to generate content that focused on the imminent US presidential election.

"This week we identified and took down a cluster of ChatGPT accounts that were generating content for a covert Iranian influence operation identified as Storm-2035," OpenAI said.   

"The operation used ChatGPT to generate content focused on a number of topics, including commentary on candidates on both sides in the US presidential election, which it then shared via social media accounts and websites," according to OpenAI.

Google TAG | US State Dept | I-HLS | Guardian | Economic Times | Fortune | Wired | NBC | Hacker News | OpenAI | France24

Image: Ideogram
