Researchers have described a new phishing campaign by Iranian government hackers.
Iranian “government” hackers carry out sophisticated social engineering attacks on academia, journalists and academics. Masquerading as specialists from the School of African and Oriental Studies at the University of London, the attackers are trying to ferret out sensitive information.
Researchers at the cybersecurity company Proofpoint called this malicious campaign “Operation SpoofedScholars” and believe that the APT group TA453 is behind it. The group is also known as APT35 (according to the FireEye classification), Charming Kitten (according to the ClearSky classification) and Phosphorus (according to the Microsoft classification). Information security experts suggest that the group is acting in the interests of the Islamic Revolutionary Guard Corps (IRGC).
“The victims identified include Middle East experts from think tanks, senior professors from prominent academic institutions and journalists specializing in the Middle East. This campaign demonstrates the growth and improvement of the methods used by TA453,” said Proofpoint.
Posing as specialists from the School of African and Oriental Studies (SOAS), the attackers send selected victims phishing links, presented as registration for online conferences, in order to steal their login credentials for Google, Microsoft, Facebook and Yahoo. To make the lure more convincing, the phishing infrastructure is hosted on a legitimate but compromised SOAS radio website.
Interestingly, the TA453 group insisted that victims immediately sign in to register for the webinar while they were online, so that the attackers could promptly verify the received credentials manually.
The Islamic Revolutionary Guard Corps is an elite Iranian military-political formation, created in 1979 from the paramilitary units of Islamic revolutionary committees, supporters of the leader of the Iranian Shiites, Grand Ayatollah Khomeini. It took an active part in the Iran-Iraq war, as well as in the creation of the Hezbollah organization. It is officially part of the Iranian Armed Forces. The authorities of the United States, Israel, Saudi Arabia and Bahrain recognize the IRGC as a terrorist organization.