
Iranian hacking group expands focus to US politicians, critical infrastructure, researchers find

December 14, 2022


Written by AJ Vicens

Dec 14, 2022 | CYBERSCOOP

An Iranian hacking group previously thought to focus mainly on compromising academics, journalists and human rights workers now appears to have added U.S. politicians, critical infrastructure and medical researchers to its target list, according to the cybersecurity firm Proofpoint.

The group known as TA453 has quietly added “outlier” attacks to its portfolio over the past two years, seemingly working more closely with Iranian state actors to carry out their bidding, researchers said in a report issued Wednesday.

“We believe that this activity reflects the group’s flexible mandate and possible ad hoc support to hostile operations by Iranian state actors, including the Islamic Revolutionary Guard Corps,” said Sherrod DeGrippo, VP of threat research and detection at Proofpoint.

The group has been quite busy over the past couple of years, she noted. “In 2022 alone, our researchers have observed this group using a social engineering technique we’ve dubbed Multi-Persona Impersonation, and now we’re sharing our observations on anomalous campaigns in which TA453 has deviated from its standard phishing techniques and target victimology.”

The researchers’ additional findings indicate that TA453, which is also known as Charming Kitten, Phosphorus and APT42, may be more worrisome than previously thought, and becoming an important tool for the Iranian government to carry out digital espionage campaigns in support of other operations.

“Adjusting its approaches likely in response to ever changing and expanding priorities, the Proofpoint-observed outlier campaigns are likely to continue and reflect IRGC intelligence collection requirements, including possible support for hostile, and even kinetic, operations,” researchers said.

The “outlier” attacks that Proofpoint has attributed to TA453 include campaigns to target medical researchers, travel agencies, an aerospace engineer, and a realtor involved in the sale of multiple homes near the headquarters of U.S. Central Command in Tampa, Fla.

Proofpoint also tied malware exclusively used by TA453 to target an unnamed “close affiliate” of former National Security Adviser John Bolton, who was the subject of an Islamic Revolutionary Guard Corps death plot beginning in October 2021, according to the U.S. Department of Justice.

The group is also focused on Iranian targets such as the country’s fledgling space program, travel agencies, as well as scholars studying women’s and gender studies in North American universities.

The techniques and tactics used in the outlier campaigns also caught the researchers’ eyes. In one 2021 case, after a U.S. government official commented on the Joint Comprehensive Plan of Action nuclear negotiations, the group targeted the official’s press secretary using a compromised email account belonging to an unnamed local reporter.

Another noteworthy tactic involved the group using the name “Samantha Wolf,” a persona the group uses in social engineering campaigns. The Wolf persona has been used at least three times in 2022, the researchers said, starting in February or March with benign conversation emails sent to an unnamed Middle Eastern energy company.

Confrontational email sent to a U.S.-based academic. (Proofpoint)

In late April, “Samantha pivoted to target a US-based academic Proofpoint previously observed targeted by multiple Iranian intrusion sets, including traditional approaches by TA453,” the researchers said. “This lure broke the typical TA453 mold and used confrontational tactics to increase the urgency behind the lure.”

By late 2022, the researchers observed multiple other “complaint-themed benign conversation emails” sent to senior U.S. and European government officials. “Samantha’s confrontational lures demonstrate an interesting attempt to generate engagement with targets not seen from other TA453 accounts,” the researchers found.


