Iranian Hacking Group Deploys Customised Spyware

Uploaded on 2022-10-04 in INTELLIGENCE-Hot Spots-Iran, FREE TO VIEW, TECHNOLOGY--Hackers

An Iran-based Hacking cyber espionage group is believed to be behind a series of cyber attacks on organisations and individuals opposed to the Iranian government, going as far back as 2015. 

The Iranian state-sponsored hacking group known as APT42 has been discovered using a custom Android malware to spy on targets of interest.

APT42 is a state-sponsored threat actor who conducts cyberespionage against individuals and organisations that hold a particular interest to the Iranian government.

The primary goal of the group appears to be intelligence collection. Their activity typically starts with spear-phishing campaigns directed against prominent individuals, or colleagues near them. The group has also been seen deploying Android malware via smishing campaigns, which allow them to track the location of their victims, read their messages and record their phone calls, amongst other actions. 

Now, the cyber security firm Mandiant has released information on APT42.  Mandiant says that the group functions as the cyber arm of Iran's Islamic Revolutionary Guard Corps (IRGC) and claims to have found at least 30 victims of APT42. The actual count is likely much higher, given the group’s “high operational tempo” and the lack of visibility stemming from its targeting of personal email accounts. 

The group is allegedly using custom Android malware to spy on targets. Mandiant is understood to have collected enough evidence to prove that the group is separate from other previously identified groups. 

APT42’s activity spans back several years and includes spear-phishing campaigns that lasted several months and targeted government officials, policymakers, journalists, academics, and Iranian dissidents. The group switched targets multiple times to match changing intelligence-collection interests. For example, in 2020, APT42 used phishing emails impersonating an Oxford University vaccine laboratory to target foreign pharmaceuticals.

The hackers aim to steal account credentials, access device storage, extract communication data, and track victims, according to Mandiant. The custom Android malware strain it deploys is capable of all of these malicious activities.

More recently, in February 2022, the hackers impersonated a British news agency to target political science professors in Belgium and the United Arab Emirates. In most cases, the hackers aimed at credential harvesting by directing their victims to phishing pages made to appear as legitimate login portals.

Mandiant:     Binary Defense:   Oodaloop:    Bleeping Computer:   Infosecurity Magazine:   

The RegisterNew Times of India

You Might Also Read: 

Ransomware Used Against Albania Linked To Iran:
 

« British Girl’s Suicide Puts Spotlight On Social Media
EU Businesses Risk Fines For Not Complying With IoT Security Rules »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Napatech

Napatech

Napatech develops and manufactures high speed network accelerators specifically designed for real-time network monitoring and analysis applications.

Paladion

Paladion

Paladion is a provider of managed IT security services.

CERT-UA

CERT-UA

CERT-UA is the national Computer Emergency Response Team for Ukraine.

Celestya

Celestya

Celestya is dedicated to providing the most advanced and cost effective systems for human behavior education on cybersecurity awareness training.

Fujitsu

Fujitsu

Fujitsu is the leading Japanese global information and communication technology company, offering a full range of products, solutions and services including Managed IT Services and Cyber Security.

Cloud Managed Networks

Cloud Managed Networks

Cloud Managed Networks provides enterprise grade IT network solutions for cloud-based and on premise network security, Wi-Fi, data switching, collaboration, device management and more.

Alpine Security

Alpine Security

Alpine Security provides penetration testing, security assessments and cybersecurity training services.

Inveteck Global

Inveteck Global

Inveteck Global is a Ghana-based cyber security firm providing strategic guidance and technical solutions to all our clients to best serve their individual needs.

CyberNews

CyberNews

Cybernews.com is a research-based online publication that helps people navigate a safe path through their increasingly complex digital lives.

VC3

VC3

VC3 provides a full range of Information Technology Solutions and Services to hundreds of municipalities and organizations throughout the USA.

GeoComply

GeoComply

GeoComply provides fraud prevention and cybersecurity solutions that detect location fraud and help verify a user's true digital identity.

Eleviant Tech (CTG Group)

Eleviant Tech (CTG Group)

Eleviant Tech (CTG Group) is a USA based digital transformation company with expertise in Mobile, Cloud, Web, IoT, AR, RPA, Cyberseurity and AI Technologies.

ZENDATA

ZENDATA

ZENDATA are an innovative provider of intelligent, tailored cybersecurity solutions to global companies and public sector institutions.

Hydden

Hydden

Hydden gives security teams the ability to create a solid foundation to build a truly next-gen identity security practice by bridging the gaps between siloed teams and technologies.

Infosec Ventures

Infosec Ventures

Infosec Ventures incubates and scales cyber security innovators that solve inefficiencies in cyber security.

Universal Technical Resource Services (UTRS)

Universal Technical Resource Services (UTRS)

UTRS is a technology firm that delivers a wide range of engineering, technical, strategic, and digital services to the public and private sectors.