• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Home
  • Contact Us

iHash

News and How to's

  • UVCeed Mobile UVC Light Sanitizer for $119

    UVCeed Mobile UVC Light Sanitizer for $119
  • AddStars Reviews: Lifetime Subscription for $59

    AddStars Reviews: Lifetime Subscription for $59
  • Locker Password Manager Premium Plan: Lifetime Subscription for $49

    Locker Password Manager Premium Plan: Lifetime Subscription for $49
  • The 2023 Complete Blender Bundle: Learn to Create Game Art in Blender for $34

    The 2023 Complete Blender Bundle: Learn to Create Game Art in Blender for $34
  • The 2023 Complete AWS Cloud Engineer, Developer & Architect Course Bundle for $49

    The 2023 Complete AWS Cloud Engineer, Developer & Architect Course Bundle for $49
  • News
    • Rumor
    • Design
    • Concept
    • WWDC
    • Security
    • BigData
  • Apps
    • Free Apps
    • OS X
    • iOS
    • iTunes
      • Music
      • Movie
      • Books
  • How to
    • OS X
      • OS X Mavericks
      • OS X Yosemite
      • Where Download OS X 10.9 Mavericks
    • iOS
      • iOS 7
      • iOS 8
      • iPhone Firmware
      • iPad Firmware
      • iPod touch
      • AppleTV Firmware
      • Where Download iOS 7 Beta
      • Jailbreak News
      • iOS 8 Beta/GM Download Links (mega links) and How to Upgrade
      • iPhone Recovery Mode
      • iPhone DFU Mode
      • How to Upgrade iOS 6 to iOS 7
      • How To Downgrade From iOS 7 Beta to iOS 6
    • Other
      • Disable Apple Remote Control
      • Pair Apple Remote Control
      • Unpair Apple Remote Control
  • Special Offers
  • Contact us

Iranian APT42 Launched Over 30 Espionage Attacks Against Activists and Dissidents

Sep 11, 2022 by iHash Leave a Comment

Espionage Attacks Against Iranian government

A state-sponsored advanced persistent threat (APT) actor newly christened APT42 (formerly UNC788) has been attributed to over 30 confirmed espionage attacks against individuals and organizations of strategic interest to the Iranian government at least since 2015.

Cybersecurity firm Mandiant said the group operates as the intelligence gathering arm of Iran’s Islamic Revolutionary Guard Corps (IRGC), not to mention shares partial overlaps with another cluster called APT35, which is also known as Charming Kitten, Cobalt Illusion, ITG18, Phosphorus, TA453, and Yellow Garuda.

APT42 has exhibited a propensity to strike various industries such as non-profits, education, governments, healthcare, legal, manufacturing, media, and pharmaceuticals spanning at least 14 countries, including in Australia, Europe, the Middle East, and the U.S.

Intrusions aimed at the pharmaceutical sector are also notable for the fact that they commenced at the onset of the COVID-19 pandemic in March 2020, indicating the threat actor’s ability to swiftly modify its campaigns in order to meet its operational priorities.

CyberSecurity

“APT42 uses highly targeted spear-phishing and social engineering techniques designed to build trust and rapport with their victims in order to access their personal or corporate email accounts or to install Android malware on their mobile devices,” Mandiant said in a report.

The goal is to exploit the fraudulent trust relationships to steal credentials, enabling the threat actor to leverage the access to conduct follow-on compromises of corporate networks to gather sensitive data and use the breached accounts to phish additional victims.

Attack chains involve a mix of highly targeted spear-phishing messages aimed at individuals and organizations of strategic interest to Iran. They are also conceived with the intent to build trust with former government officials, journalists, policymakers, and the Iranian diaspora abroad in hopes of distributing malware.

Outside of using hacked email accounts associated with think tanks to target researchers and other academic organizations, APT42 is often known to impersonate journalists and other professionals to engage with the victims for several days or even weeks before sending a malicious link.

Espionage Attacks Against Iranian government

In one attack observed in May 2017, the group targeted members of an Iranian opposition group operating from Europe and North America with email messages that contained links to rogue Google Books pages, which redirected victims to sign-in pages designed to siphon credentials and two-factor authentication codes.

Surveillance operations involve the distribution of Android malware such as VINETHORN and PINEFLOWER via text messages that are capable of recording audio and phone calls, extracting multimedia content and SMSes, and tracking geolocations. A VINETHORN payload spotted between April and October 2021 masqueraded as a VPN app called SaferVPN.

“The use of Android malware to target individuals of interest to the Iranian government provides APT42 with a productive method of obtaining sensitive information on targets, including movement, contacts, and personal information,” the researchers noted.

The group is also said to use a raft of lightweight Windows malware from time to time – a PowerShell toehold backdoor named TAMECAT, a VBA-based macro dropper dubbed TABBYCAT, and a reverse shell macro known as VBREVSHELL – to augment their credential harvesting and espionage activities.

CyberSecurity

APT42’s links to APT35 stems from links to an uncategorized threat cluster tracked as UNC2448, which Microsoft (DEV-0270) and Secureworks (Cobalt Mirage) disclosed as a Phosphorus subgroup carrying out ransomware attacks for financial gain using BitLocker.

Mandiant’s analysis further lends credence to Microsoft’s findings that DEV-0270/UNC2448 is operated by a front company that uses two public aliases, namely Secnerd and Lifeweb, both of which are connected to Najee Technology Hooshmand.

That having said, it’s suspected the two adversarial collectives, despite their affiliation with IRGC, originate from disparate missions based on differences in targeting patterns and the tactics employed.

A key point of distinction is that while APT35 is oriented towards long-term, resource-intensive operations targeting different industry verticals in the U.S. and the Middle East, APT42’s activities focus on individuals and entities for “domestic politics, foreign policy, and regime stability purposes.”

“The group has displayed its ability to rapidly alter its operational focus as Iran’s priorities change over time with evolving domestic and geopolitical conditions,” the researchers said.

Source link

Share this:

  • Facebook
  • Twitter
  • Pinterest
  • LinkedIn

Filed Under: Security Tagged With: Activists, APT42, attacks, computer security, cyber attacks, cyber news, cyber security news, cyber security news today, cyber security updates, cyber updates, data breach, Dissidents, espionage, hacker news, hacking news, how to hack, information security, Iranian, Launched, network security, ransomware malware, software vulnerability, the hacker news

Special Offers

  • UVCeed Mobile UVC Light Sanitizer for $119

    UVCeed Mobile UVC Light Sanitizer for $119
  • AddStars Reviews: Lifetime Subscription for $59

    AddStars Reviews: Lifetime Subscription for $59
  • Locker Password Manager Premium Plan: Lifetime Subscription for $49

    Locker Password Manager Premium Plan: Lifetime Subscription for $49
  • The 2023 Complete Blender Bundle: Learn to Create Game Art in Blender for $34

    The 2023 Complete Blender Bundle: Learn to Create Game Art in Blender for $34
  • The 2023 Complete AWS Cloud Engineer, Developer & Architect Course Bundle for $49

    The 2023 Complete AWS Cloud Engineer, Developer & Architect Course Bundle for $49

Reader Interactions

Leave a Reply Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Primary Sidebar

  • Facebook
  • GitHub
  • Instagram
  • Pinterest
  • Twitter
  • YouTube

More to See

Apple’s Worldwide Developers Conference returns June 5

Mar 30, 2023 By iHash

UVCeed Mobile UVC Light Sanitizer for $119

Mar 30, 2023 By iHash

Tags

* Apple Cisco computer security cyber attacks cyber crime cyber news cybersecurity Cyber Security cyber security news cyber security news today cyber security updates cyber threats cyber updates data breach data breaches google hacker hacker news Hackers hacking hacking news how to hack incident response information security iOS 7 iOS 8 iPhone Malware microsoft network security ransomware ransomware malware risk management Secure security security breaches security vulnerabilities software vulnerability the hacker news Threat update video Vulnerabilities web applications

Latest

Heard on the Street – 3/30/2023

Welcome to insideBIGDATA’s “Heard on the Street” round-up column! In this regular feature, we highlight thought-leadership commentaries from members of the big data ecosystem. Each edition covers the trends of the day with compelling perspectives that can provide important insights to give you a competitive advantage in the marketplace. We invite submissions with a focus […]

3CX Desktop App Supply Chain Attack Leaves Millions at Risk

Mar 30, 2023Ravie LakshmananSupply Chain / Software Security 3CX said it’s working on a software update for its desktop app after multiple cybersecurity vendors sounded the alarm on what appears to be an active supply chain attack that’s using digitally signed and rigged installers of the popular voice and video conferencing software to target downstream […]

AddStars Reviews: Lifetime Subscription for $59

Expires June 27, 2023 23:59 PST Buy now and get 90% off KEY FEATURES Why wait for customers to visit your website to see your reviews when AddStars will display them ALL, right where customers are searching – on Google’s search listings. AddStars is an innovative and comprehensive review aggregation tool that provides a range […]

Feed the Beast: How to Get Business Analytics Delivering

In this contributed article, Chonchol Gupta, CEO, Rebirth Analytics, believes that if enterprises want to identify and swerve risk, they require a radical rethink of how they obtain the data that fuels their analytics engines. With a long pedigree in Fintech, InsureTech, and supply chain innovation, Chonchol has more than a decade’s experience as a […]

The 2023 Complete Blender Bundle: Learn to Create Game Art in Blender for $34

Expires March 29, 2123 23:59 PST Buy now and get 94% off Blender Character Creator for Video Game Design KEY FEATURES Take your first steps to becoming a 3D character artist – learn everything from modeling to painting to animating the character. The course is the sequel to the highly popular Blender Character Creator course, […]

Trojanized TOR Browser Installers Spreading Crypto-Stealing Clipper Malware

Mar 29, 2023Ravie LakshmananCryptocurrency / Malware Trojanized installers for the TOR anonymity browser are being used to target users in Russia and Eastern Europe with clipper malware designed to siphon cryptocurrencies since September 2022. “Clipboard injectors […] can be silent for years, show no network activity or any other signs of presence until the disastrous […]

Jailbreak

Pangu Releases Updated Jailbreak of iOS 9 Pangu9 v1.2.0

Pangu has updated its jailbreak utility for iOS 9.0 to 9.0.2 with a fix for the manage storage bug and the latest version of Cydia. Change log V1.2.0 (2015-10-27) 1. Bundle latest Cydia with new Patcyh which fixed failure to open url scheme in MobileSafari 2. Fixed the bug that “preferences -> Storage&iCloud Usage -> […]

Apple Blocks Pangu Jailbreak Exploits With Release of iOS 9.1

Apple has blocked exploits used by the Pangu Jailbreak with the release of iOS 9.1. Pangu was able to jailbreak iOS 9.0 to 9.0.2; however, in Apple’s document on the security content of iOS 9.1, PanguTeam is credited with discovering two vulnerabilities that have been patched.

Pangu Releases Updated Jailbreak of iOS 9 Pangu9 v1.1.0

  Pangu has released an update to its jailbreak utility for iOS 9 that improves its reliability and success rate.   Change log V1.1.0 (2015-10-21) 1. Improve the success rate and reliability of jailbreak program for 64bit devices 2. Optimize backup process and improve jailbreak speed, and fix an issue that leads to fail to […]

Activator 1.9.6 Released With Support for iOS 9, 3D Touch

  Ryan Petrich has released Activator 1.9.6, an update to the centralized gesture, button, and shortcut manager, that brings support for iOS 9 and 3D Touch.

Copyright iHash.eu © 2023
We use cookies on this website. By using this site, you agree that we may store and access cookies on your device. Accept Read More
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT