Iranian hackers are scrambling to find out exactly what Western researchers and academics are working on and discussing, especially about Palestine and Israel, to the point that they have launched a new, hard-to-detect phishing campaign against those individuals, with the aim of installing information-stealing malware.
This is according to Microsoft, whose security researchers recently raised the alarm about the campaign.
According to the report, a subgroup of the well-known state-sponsored threat actor APT35 (also known as Charming Kitten or Phosphorus) is conducting phishing attacks against high-profile employees of research organizations and universities in Europe and the United States. The emails are tailor-made for each target and often get past email security services.
Middle East in the spotlight
“Since November 2023, Microsoft has observed a distinct subset of Mint Sandstorm (PHOSPHORUS) targeting high-profile individuals working on Middle East affairs at universities and research organizations in Belgium, France, Gaza, Israel, the United Kingdom and the United States,” Microsoft said in the report. “In this campaign, Mint Sandstorm used custom phishing lures in an attempt to socially engineer targets into downloading malicious files. In a handful of cases, Microsoft observed new post-intrusion techniques, including the use of a new custom backdoor called MediaPl.”
In addition to MediaPl, which appears to be designed to open an encrypted communications channel between compromised endpoints and the attackers' operators, APT35 is also dropping MischiefTut, a backdoor that allows them to execute commands and carry out reconnaissance activities.
“These individuals, who work with or have the potential to influence the intelligence and policy communities, are attractive targets for adversaries seeking to gather intelligence for states that sponsor their activity, such as the Islamic Republic of Iran,” Microsoft said. “Based on the identities of the targets observed in this campaign and the use of decoys related to the war between Israel and Hamas, it is possible that this campaign is an attempt to gather perspectives on war-related events from people across the ideological spectrum.”
Via BleepingComputer