Iranian cybercriminals are targeting WhatsApp users in spear phishing campaign

An Iranian state-sponsored group often referred to as Iran’s Islamic Revolutionary Guard Corps IRGC is making headlines again this season as Meta disclosed that the cybercriminals targeted WhatsApp users in Israel, Palestine, Iran, the UK, and the US. Other names for this group—depending on the...

Meta Exposes Iranian Hacker Group Targeting Global Political Figures on WhatsApp

Meta Platforms on Friday became the latest company after Microsoft, Google, and OpenAI to expose the activities of an Iranian state-sponsored threat actor, who it said used a set of WhatsApp accounts that attempted to target individuals in Israel, Palestine, Iran, the U.K., and the U.S. The...

Iranian Cyber Group TA453 Targets Jewish Leader with New AnvilEcho Malware

Iranian state-sponsored threat actors have been observed orchestrating spear-phishing campaigns targeting a prominent Jewish figure starting in late July 2024 with the goal of delivering a new intelligence-gathering tool called AnvilEcho. Enterprise security company Proofpoint is tracking the...

A Single Iranian Hacker Group Targeted Both Presidential Campaigns, Google Says

APT42, which is believed to work for Iran’s Revolutionary Guard Corps, targeted about a dozen people associated with both Trump’s and Biden’s campaigns this spring, according to Google’s Threat Analysis Group...

APT42 Hackers Pose as Journalists to Harvest Credentials and Access Cloud Data

The Iranian state-backed hacking outfit called APT42 is making use of enhanced social engineering schemes to infiltrate target networks and cloud environments. Targets of the attack include Western and Middle Eastern NGOs, media organizations, academia, legal services and activists, Google Cloud...

APT42’s Operations Employ “Nicecurl” and “Tamecat” Malwares

...

Nation-state threat actor Mint Sandstorm refines tradecraft to attack high-value targets

Over the past several months, Microsoft has observed a mature subgroup of Mint Sandstorm, an Iranian nation-state actor previously tracked as PHOSPHORUS, refining its tactics, techniques, and procedures TTPs. Specifically, this subset has rapidly weaponized N-day vulnerabilities in common...

British Cyber Agency Warns of Russian and Iranian Hackers Targeting Key Industries

The U.K. National Cyber Security Centre NCSC on Thursday warned of spear-phishing attacks mounted by Russian and Iranian state-sponsored actors for information-gathering operations. "The attacks are not aimed at the general public but targets in specified sectors, including academia, defense,...

Iranian State Hackers Targeting Key Figures in Activism, Journalism, and Politics

Hackers with ties to the Iranian government have been linked to an ongoing social engineering and credential phishing campaign directed against human rights activists, journalists, researchers, academics, diplomats, and politicians working in the Middle East. At least 20 individuals are believed ...

Iranian APT42 Launched Over 30 Espionage Attacks Against Activists and Dissidents

A state-sponsored advanced persistent threat APT actor newly christened APT42 formerly UNC788 has been attributed to over 30 confirmed espionage attacks against individuals and organizations of strategic interest to the Iranian government at least since 2015. Cybersecurity firm Mandiant said the...

Is APT 42 a significant threat in the future?

Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary APT42 is an Iranian state-sponsored cyber espionage group. The gang, which has been operating since at least 2015, is distinguished by its highly targeted spear phishing and surveillance operations...