Iranian Hackers Deploy New Spear-Phishing Techniques

Uploaded on 2019-10-14 in TECHNOLOGY--Hackers, INTELLIGENCE-Hot Spots-Iran, FREE TO VIEW, TECHNOLOGY-Key Areas-Social Media

The Iranian state-sponsored threat actor known as Charming Kitten employed new spear-phishing methods in a campaign observed in August and September, according to researchers form ClearSky.

The attacks are related to a campaign aimed at disrupting the 2020 US presidential candidate targeting government officials, media targets, and prominent expatriate Iranians which is known to have resulted in four accounts being compromised out of a total of 241 targeted.

“Iran was not known as a country who tends to interfere in elections around the world. From a historical perspective, this type of cyber activity had been attributed mainly to the Russian APT groups,” ClearSky notes in their report.

Charming Kitten, a group also tracked as APT35, Ajax Security Team, NewsBeef, Newscaster, and Phosphorus, has been, targeting activists and journalists focusing on the Middle East, US organisations, and entities located in Israel, the U.K., Saudi Arabia and Iraq. 

As part of the newly observed campaign, ClearSky says, the group used four different spear-phishing methods including password recovery impersonation, spear-phishing emails, and spear-phishing via SMS messages.

  • The first impersonation vector used was a message with a link pretending to arrive from Google Drive or from a colleague’s email address. Social engineering is used in an attempt to trick the victim into exposing their login credentials.  
  • Another vector employed SMS messages containing a link and claiming to inform the recipient of an attempt to compromise their email account. Just as in the previous type of attack, the link directs to a URL shortening service leading to a malicious website attempting to phish for the victim’s credentials.
  • A third attack vector employed a fake unauthorised login attempt alert, where the intended victim is informed that a North Korean attacker tried to compromise their Yahoo email address and is asked to secure their account. Previously, the victim was informed that someone from North Korea changed their email recovery options.
  • The fourth attack vector employed recently by Charming Kitten was social network impersonation. In an attempt to grab login credentials, the attackers have created fake sites for Instagram, Facebook, Twitter, Google, and the National Iranian-American Council.

Although not new for Charming Kitten, the targeting of Yahoo accounts is something that the group hasn’t done for a couple of years. Since 2017, the hackers focused on Google accounts instead, but it seems they are now back again at targeting Yahoo accounts and impersonating Yahoo services.

Security Week:           ClearSky:  

You Might Also Read: 

US Campaigners Get Trained About Cyber Threats:

 

« Google Creates Video Tools To Fight Deepfakes
US 2020 Presidential Campaign Cyber Security Examined »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Aurec

Aurec

Aurec provides specialist recruitment and contracting services including ICT professionals.

OIC-CERT

OIC-CERT

OIC-CERT is the Computer Emergency Response Team for Organisation of Islamic Cooperation (OIC) member countries.

Wibu-Systems

Wibu-Systems

Wibu-Systems is a leading provider of solutions for the Digital Rights Management (DRM) and anti-piracy industry.

AFCON Control & Automation

AFCON Control & Automation

AFCON is a leading global provider of software solutions and services for the smart management of Control & Automation systems in the age of Digital Transformation.

Codified Security

Codified Security

Codified is a testing platform for mobile application software. We make it easier than ever for companies to detect and fix security vulnerabilities and ensure their applications are compliant.

Seconize

Seconize

Seconize empowers enterprises to proactively manage their cyber risks, prioritize remediations, optimize security spending and ensure compliance.

Depth Security

Depth Security

Depth Security assessment services provide organizations with real-world visibility into threats facing their infrastructure and applications.

Qualcomm Technologies

Qualcomm Technologies

Qualcomm invents breakthrough technologies that transform how the world connects, computes and communicates.

Nucleon Security

Nucleon Security

Nucleon Endpoint Detection and Response EDR is the most effective way to protect the value created by your organization against any threat.

AirEye

AirEye

AirEye is a leader in Network Airspace Protection (NAP). Block attacks against your corporate network launched from wireless devices in your corporate network airspace.

SOC Prime

SOC Prime

SOC Prime is the only Threat Detection Marketplace where researchers monetize their content to help security teams defend against attacks easier, faster and more efficiently than ever.

IntelliDyne

IntelliDyne

IntelliDyne is a leading information technology consulting firm enabling better mission performance through innovative technology solutions.

Suffescom Solutions

Suffescom Solutions

Suffescom Solutions is a leading blockchain development company, assisting businesses in harnessing the true potential of blockchain technology.

Cakewalk

Cakewalk

Cakewalk is the new standard in easy Access Control. Trusted by IT & Security teams. Loved by employees.

PDI Technologies

PDI Technologies

PDI Technologies helps convenience retail and petroleum wholesale businesses around the globe increase efficiency and profitability by securely connecting their data and operations.

Cyber Husky

Cyber Husky

Cyber Husky is an agile technology company that specializes in cloud solutions, cybersecurity, and managed IT services.