Iranian Hackers Deploy New Spear-Phishing Techniques

The Iranian state-sponsored threat actor known as Charming Kitten employed new spear-phishing methods in a campaign observed in August and September, according to researchers form ClearSky.

The attacks are related to a campaign aimed at disrupting the 2020 US presidential candidate targeting government officials, media targets, and prominent expatriate Iranians which is known to have resulted in four accounts being compromised out of a total of 241 targeted.

“Iran was not known as a country who tends to interfere in elections around the world. From a historical perspective, this type of cyber activity had been attributed mainly to the Russian APT groups,” ClearSky notes in their report.

Charming Kitten, a group also tracked as APT35, Ajax Security Team, NewsBeef, Newscaster, and Phosphorus, has been, targeting activists and journalists focusing on the Middle East, US organisations, and entities located in Israel, the U.K., Saudi Arabia and Iraq. 

As part of the newly observed campaign, ClearSky says, the group used four different spear-phishing methods including password recovery impersonation, spear-phishing emails, and spear-phishing via SMS messages.

  • The first impersonation vector used was a message with a link pretending to arrive from Google Drive or from a colleague’s email address. Social engineering is used in an attempt to trick the victim into exposing their login credentials.  
  • Another vector employed SMS messages containing a link and claiming to inform the recipient of an attempt to compromise their email account. Just as in the previous type of attack, the link directs to a URL shortening service leading to a malicious website attempting to phish for the victim’s credentials.
  • A third attack vector employed a fake unauthorised login attempt alert, where the intended victim is informed that a North Korean attacker tried to compromise their Yahoo email address and is asked to secure their account. Previously, the victim was informed that someone from North Korea changed their email recovery options.
  • The fourth attack vector employed recently by Charming Kitten was social network impersonation. In an attempt to grab login credentials, the attackers have created fake sites for Instagram, Facebook, Twitter, Google, and the National Iranian-American Council.

Although not new for Charming Kitten, the targeting of Yahoo accounts is something that the group hasn’t done for a couple of years. Since 2017, the hackers focused on Google accounts instead, but it seems they are now back again at targeting Yahoo accounts and impersonating Yahoo services.

Security Week:           ClearSky:  

You Might Also Read: 

US Campaigners Get Trained About Cyber Threats:

 

« Google Creates Video Tools To Fight Deepfakes
US 2020 Presidential Campaign Cyber Security Examined »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

WIRED

WIRED

WIRED is the magazine about what's next – the people, the trends and the big ideas that will change our lives. Topics covered include cyber security.

DTEX Systems

DTEX Systems

DTEX Systems is the global leader for insider risk management. We empower organizations to prevent data loss by proactively stopping insider risks from becoming insider threats.

Somansa

Somansa

Somansa is a global leader in Data Security and Compliance solutions designed to protect valuable company information from leakage and help meet regulatory compliance requirements.

Watchdata Technologies

Watchdata Technologies

Watchdata Technologies is a pioneer in digital authentication and transaction security.

QSecure

QSecure

QSecure specializes in the provision of information security and risk management services.

Jandnet Recruitment

Jandnet Recruitment

Jandnet Recruitment is a small specialist company working in the IT sector. We recruit across all IT disciplines including cyber security and digital identity.

Conference on Applied Machine Learning in Information Security (CAMLIS)

Conference on Applied Machine Learning in Information Security (CAMLIS)

CAMLIS is a venue for discussing applied research on machine learning, deep learning and data science in information security.

AutoRABIT

AutoRABIT

AutoRABIT provides DevSecOps tools built specifically for Salesforce developers to increase release velocity, produce consistently high-quality code, and enhance data security.

Verisign

Verisign

Verisign is a Global Leader in Domain Names & Internet Security, providing protection for websites and enterprises around the world.

Heron Technology

Heron Technology

Heron Technology are a technology solutions consultancy with core competencies in the areas of Cyber Security and Digital Aviation.

Skyhawk Security

Skyhawk Security

Skyhawk Security is the originator of Cloud threat Detection and Response (CDR), helping hundreds of users map and remediate sophisticated threats to cloud infrastructure in minutes.

GreenPages Technology Solutions

GreenPages Technology Solutions

GreenPages provide expert strategic guidance and proven cloud-era solutions for our clients. Every day we help organizations leverage the cloud securely with less risk and cost.

Mondoo

Mondoo

Mondoo is a powerful security, compliance, and asset inventory tool that helps businesses identify vulnerabilities, track lost assets, and ensure policy compliance across their entire infrastructure.

endpointX

endpointX

endpointX is a preventative cyber security company. We help companies minimize their risk of breach by improving cyber hygiene.

Sequentur

Sequentur

Sequentur is an award-winning Managed IT Services company. We are SOC 2 certified and provide Managed IT Services and Cybersecurity services to businesses nationwide.

Chorus

Chorus

Chorus are a leading Managed Security Service Provider (MSSP), and member of the Microsoft Intelligent Security Association (MISA), with three Microsoft Advanced Specialisations in security.