Iranian Hackers Deploy New Spear-Phishing Techniques

Uploaded on 2019-10-14 in TECHNOLOGY--Hackers, INTELLIGENCE-Hot Spots-Iran, FREE TO VIEW, TECHNOLOGY-Key Areas-Social Media

The Iranian state-sponsored threat actor known as Charming Kitten employed new spear-phishing methods in a campaign observed in August and September, according to researchers form ClearSky.

The attacks are related to a campaign aimed at disrupting the 2020 US presidential candidate targeting government officials, media targets, and prominent expatriate Iranians which is known to have resulted in four accounts being compromised out of a total of 241 targeted.

“Iran was not known as a country who tends to interfere in elections around the world. From a historical perspective, this type of cyber activity had been attributed mainly to the Russian APT groups,” ClearSky notes in their report.

Charming Kitten, a group also tracked as APT35, Ajax Security Team, NewsBeef, Newscaster, and Phosphorus, has been, targeting activists and journalists focusing on the Middle East, US organisations, and entities located in Israel, the U.K., Saudi Arabia and Iraq. 

As part of the newly observed campaign, ClearSky says, the group used four different spear-phishing methods including password recovery impersonation, spear-phishing emails, and spear-phishing via SMS messages.

  • The first impersonation vector used was a message with a link pretending to arrive from Google Drive or from a colleague’s email address. Social engineering is used in an attempt to trick the victim into exposing their login credentials.  
  • Another vector employed SMS messages containing a link and claiming to inform the recipient of an attempt to compromise their email account. Just as in the previous type of attack, the link directs to a URL shortening service leading to a malicious website attempting to phish for the victim’s credentials.
  • A third attack vector employed a fake unauthorised login attempt alert, where the intended victim is informed that a North Korean attacker tried to compromise their Yahoo email address and is asked to secure their account. Previously, the victim was informed that someone from North Korea changed their email recovery options.
  • The fourth attack vector employed recently by Charming Kitten was social network impersonation. In an attempt to grab login credentials, the attackers have created fake sites for Instagram, Facebook, Twitter, Google, and the National Iranian-American Council.

Although not new for Charming Kitten, the targeting of Yahoo accounts is something that the group hasn’t done for a couple of years. Since 2017, the hackers focused on Google accounts instead, but it seems they are now back again at targeting Yahoo accounts and impersonating Yahoo services.

Security Week:           ClearSky:  

You Might Also Read: 

US Campaigners Get Trained About Cyber Threats:

 

« Google Creates Video Tools To Fight Deepfakes
US 2020 Presidential Campaign Cyber Security Examined »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Rapid7

Rapid7

Rapid7 unites cloud risk management and threat detection to deliver results that secure your business and ensure you’re always ready for what comes next.

CERT-MU

CERT-MU

CERT-MU is the Mauritian National Computer Security Incident Response Team.

Sucuri

Sucuri

Sucuri have offered holistic website security solutions since 2008 including malware removal, malware monitoring and website protection services.

ObserveIT

ObserveIT

ObserveIT helps companies identify & eliminate insider threats. Visually monitor & quickly investigate with our easy-deploy user activity monitoring solution.

IMS Networks

IMS Networks

IMS Networks specializes in the design and management of high criticality networks and telecoms services including network security and Managed Security Services.

SySS

SySS

SySS is a market leader in penetration testing in Germany and Europe.

Seavus

Seavus

Seavus is a software development and consulting company with a proven track-record in providing successful enterprise-wide business solutions including Managed Security Services.

iHLS Startups Accelerator

iHLS Startups Accelerator

iHLS Accelerator is the first startup accelerator in the world in the security and homeland security field.

Syndis

Syndis

Syndis is a leading information security company helping to defend organizations by providing bespoke services and innovative security solutions in the global market.

Dashlane

Dashlane

Dashlane puts all your passwords, payments, and personal info in one place that only you control. So you can use them instantly. Securely. Exactly when you need them.

Future Planet Capital

Future Planet Capital

Future Planet is the impact-led, global venture capital firm built to invest in high growth potential companies from the world's top research centres.

Xmirror Security

Xmirror Security

Xmirror Security focuses on integrated detection and defense of the continuous threat to the DevSecops software supply-chain with artificial intelligence technology as the core.

Seedcamp

Seedcamp

Seedcamp identify and invest early in world-class founders attacking large and global markets through disruptive technology in areas including AI, cybersecurity, and Fintech.

DeXpose

DeXpose

DeXpose is a hybrid dark/deep web monitoring and attack surface mapping platform to help you find compromised data or exposed assets related to your organization way before threat actors.

Cynclair

Cynclair

Cybersecurity is a complex beast. And we're the beast-tamers. Our team thrives on deciphering the latest threats, building cutting-edge defenses, and making your digital world much safer.

Surf Security

Surf Security

SURF Security has transformed the browser into your strongest security asset while providing complete end-user privacy – all with full compliance.