Iranian hackers continue waging attacks, Google warns

An Iranian hacking group that targeted a US presidential campaign in last year’s election has continued to wage widespread attacks, using an evolving list of tactics to dupe victims into clicking on malicious links.

Known variously as APT35, Phosphorous, Charming Kitten and Ajax Security team, the hacking group has for years “hijacked accounts, deployed malware and used novel techniques to conduct espionage aligned with the interests of the Iranian government”, according to a blog posted Thursday by Google’s Threat Analysis Group.

APT35 has targeted “high-value” accounts in government, journalism, academia, nonprofits, foreign policy and national security, which play a role in how the international community views Iran, according to Google.

“Iran is very affected by how the international community sees it and puts pressure on it,” said Shane Huntley, director of the Threat Analysis Group. Iranian activists and civil servants have also been targeted by the hacking group, he said.

Officials with Iran’s Foreign Ministry didn’t respond to requests for comment.

One technique the group has used since 2017 is to use a compromised website to convince victims to click on phishing links. In early 2021, for instance, APT35 sent email messages with links to a fake website where users were instructed to activate an invitation to a webinar by logging in – an attempt to harvest credentials for platforms such as Gmail and Yahoo!, according to Google.

Officials at SOAS University of London didn’t respond to requests for comment. In a statement in July, the university said the hackers “created gmail accounts to pretend to be academics and created a dummy site to seek to collect data from people they were targeting”. The fake site wasn’t placed on the university’s website but rather on that of SOAS Radio, an independent radio station and production company based at the university. “There was no suggestion of breach of cybersecurity by any SOAS staff.”

APT35 also attempted last year to upload spyware to the Google Play Store, an app disguised as VPN software that could have stolen sensitive information such as call logs, text messages and location data from devices, according to the blog. Google detected it and removed it before any users had a chance to install it. APT35 has attempted to install the spyware on other platforms as recently as July 2021, according to the blog.

The hackers also posed as conference officials to trick victims into downloading malicious code. They used the Munich Security and Think-20 Italy conferences as lures, first sending a harmless email to get users to respond and then following up with phishing links in follow-on correspondence, according to Google.

While high volumes of attacks have continued, the success rate of APT35 has declined as Google learns more about the campaign, Huntley said.

In June 2020, Google said its Threat Analysis Group had detected phishing attacks from APT35 targeting the campaign staff of then President Donald Trump. – Bloomberg
