Iranian Hackers Deploy New Spear-Phishing Techniques

Uploaded on 2019-10-14 in TECHNOLOGY--Hackers, INTELLIGENCE-Hot Spots-Iran, FREE TO VIEW, TECHNOLOGY-Key Areas-Social Media

The Iranian state-sponsored threat actor known as Charming Kitten employed new spear-phishing methods in a campaign observed in August and September, according to researchers form ClearSky.

The attacks are related to a campaign aimed at disrupting the 2020 US presidential candidate targeting government officials, media targets, and prominent expatriate Iranians which is known to have resulted in four accounts being compromised out of a total of 241 targeted.

“Iran was not known as a country who tends to interfere in elections around the world. From a historical perspective, this type of cyber activity had been attributed mainly to the Russian APT groups,” ClearSky notes in their report.

Charming Kitten, a group also tracked as APT35, Ajax Security Team, NewsBeef, Newscaster, and Phosphorus, has been, targeting activists and journalists focusing on the Middle East, US organisations, and entities located in Israel, the U.K., Saudi Arabia and Iraq. 

As part of the newly observed campaign, ClearSky says, the group used four different spear-phishing methods including password recovery impersonation, spear-phishing emails, and spear-phishing via SMS messages.

  • The first impersonation vector used was a message with a link pretending to arrive from Google Drive or from a colleague’s email address. Social engineering is used in an attempt to trick the victim into exposing their login credentials.  
  • Another vector employed SMS messages containing a link and claiming to inform the recipient of an attempt to compromise their email account. Just as in the previous type of attack, the link directs to a URL shortening service leading to a malicious website attempting to phish for the victim’s credentials.
  • A third attack vector employed a fake unauthorised login attempt alert, where the intended victim is informed that a North Korean attacker tried to compromise their Yahoo email address and is asked to secure their account. Previously, the victim was informed that someone from North Korea changed their email recovery options.
  • The fourth attack vector employed recently by Charming Kitten was social network impersonation. In an attempt to grab login credentials, the attackers have created fake sites for Instagram, Facebook, Twitter, Google, and the National Iranian-American Council.

Although not new for Charming Kitten, the targeting of Yahoo accounts is something that the group hasn’t done for a couple of years. Since 2017, the hackers focused on Google accounts instead, but it seems they are now back again at targeting Yahoo accounts and impersonating Yahoo services.

Security Week:           ClearSky:  

You Might Also Read: 

US Campaigners Get Trained About Cyber Threats:

 

« Google Creates Video Tools To Fight Deepfakes
US 2020 Presidential Campaign Cyber Security Examined »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

TechDefence Labs

TechDefence Labs

TechDefence Labs provide pentesting and security assessment services for networks, web apps, mobile apps and source code reviews.

Moxa

Moxa

Moxa is a leading provider of industrial networking, computing, and automation solutions for enabling the Industrial Internet of Things.

Cyber Threat Alliance

Cyber Threat Alliance

CTA is working to improve cybersecurity of our digital ecosystem by enabling near real-time cyber threat information sharing among companies and organizations in the cybersecurity field.

Cambridge Cybercrime Centre

Cambridge Cybercrime Centre

The Cambridge Cybercrime Centre is a multi-disciplinary initiative combining expertise from the Department of Computer Science and Technology, Institute of Criminology and Faculty of Law.

Fortress Information Security

Fortress Information Security

Fortress Information Security is one of the largest cyber security providers of supply chain risk management and vulnerability risk management in the US.

CyberNews

CyberNews

Cybernews.com is a research-based online publication that helps people navigate a safe path through their increasingly complex digital lives.

PyNet Labs

PyNet Labs

PyNet Labs is a Training Company serving corporates as well as individuals across the world with ever-changing IT and technology training.

Saudi Information Technology Company (SITE)

Saudi Information Technology Company (SITE)

SITE is a forward-thinking enterprise, which aims at revitalizing Saudi Arabia’s digital infrastructure, cybersecurity, software development, and big data and analytics capabilities.

Plerion

Plerion

Plerion is an all-in-one Cloud Security Platform that supports workloads across AWS, Azure, and GCP delivering cloud security posture management, workload security, data security and more.

CaseMatrix

CaseMatrix

Discover a new era of legal intelligence with CaseMatrix. We identify potential class action cases arising from cyber incidents and data breaches.

AuthMind

AuthMind

Prevent your next identity-related cyberattack with the AuthMind Identity SecOps Platform. It works anywhere and deploys in minutes.

iomart Group

iomart Group

iomart is a cloud computing and IT managed services business providing secure hybrid cloud, network connectivity, data management, and digital workplace capability.

Invictus International Consulting

Invictus International Consulting

Invictus International Consulting are a recognized leader in full-spectrum cyber technology solutions designed to protect the security of our nation's global defense and critical infrastructure.

Teal Technology Consulting

Teal Technology Consulting

TEAL Technology Consulting is your trusted advisor for all your information security needs.

Corix Partners

Corix Partners

Corix Partners is a Boutique Management Consultancy Firm focused on assisting CIOs and other C-level executives in resolving Cyber Security Strategy, Organisation and Governance challenges.

SECQAI

SECQAI

At SECQAI we create dual-use hardware and software to enable the future of computing.