Iran – A report prepared by the information security company Mandiant revealed that a group linked to Iran carried out electronic espionage activities targeting non-governmental organizations, media outlets, academics, and activists in the West and the Middle East.
The report, published by a blog affiliated with Google, indicated that “the group impersonates journalists and event organizers to build trust with their victims through correspondence, before sending invitations to conferences.”
The report monitored “the group’s use of custom malware called “Nice Curl” and “TeamKat,” which are sent to targets using precisely targeted phishing messages, with the aim of the attackers obtaining an initial entry point into the victims’ systems.”
The report explained that “the group, which works for the Iranian Revolutionary Guard Intelligence, resorts to sophisticated tricks.” These tricks allow credentials and login data to be stolen and used to access cloud environments, to later secretly leak data of strategic importance to Iran.
Attackers can exploit entry points to enter and execute commands on compromised systems, or to plant more malware within the targeted network.
The report concluded that the goals and tasks of the “APT42” group are consistent with its affiliation with the Revolutionary Guard Intelligence Organization, which is part of the Iranian intelligence apparatus responsible for monitoring and preventing external threats and internal unrest.
The group’s activities also overlap with other previously reported electronic entities, such as the “Kalank” groups, “Charmin Kitten”, “Mint Sandcentrum”, and others.
Source: i24
#Report #Iran #conducts #espionage #activities #targeting #organizations #media #academic #entities #West #Middle #East
2024-05-03 07:16:14
