Iranian Hacking Group Deploys Customised Spyware

Uploaded on 2022-10-04 in INTELLIGENCE-Hot Spots-Iran, FREE TO VIEW, TECHNOLOGY--Hackers

An Iran-based Hacking cyber espionage group is believed to be behind a series of cyber attacks on organisations and individuals opposed to the Iranian government, going as far back as 2015. 

The Iranian state-sponsored hacking group known as APT42 has been discovered using a custom Android malware to spy on targets of interest.

APT42 is a state-sponsored threat actor who conducts cyberespionage against individuals and organisations that hold a particular interest to the Iranian government.

The primary goal of the group appears to be intelligence collection. Their activity typically starts with spear-phishing campaigns directed against prominent individuals, or colleagues near them. The group has also been seen deploying Android malware via smishing campaigns, which allow them to track the location of their victims, read their messages and record their phone calls, amongst other actions. 

Now, the cyber security firm Mandiant has released information on APT42.  Mandiant says that the group functions as the cyber arm of Iran's Islamic Revolutionary Guard Corps (IRGC) and claims to have found at least 30 victims of APT42. The actual count is likely much higher, given the group’s “high operational tempo” and the lack of visibility stemming from its targeting of personal email accounts. 

The group is allegedly using custom Android malware to spy on targets. Mandiant is understood to have collected enough evidence to prove that the group is separate from other previously identified groups. 

APT42’s activity spans back several years and includes spear-phishing campaigns that lasted several months and targeted government officials, policymakers, journalists, academics, and Iranian dissidents. The group switched targets multiple times to match changing intelligence-collection interests. For example, in 2020, APT42 used phishing emails impersonating an Oxford University vaccine laboratory to target foreign pharmaceuticals.

The hackers aim to steal account credentials, access device storage, extract communication data, and track victims, according to Mandiant. The custom Android malware strain it deploys is capable of all of these malicious activities.

More recently, in February 2022, the hackers impersonated a British news agency to target political science professors in Belgium and the United Arab Emirates. In most cases, the hackers aimed at credential harvesting by directing their victims to phishing pages made to appear as legitimate login portals.

Mandiant:     Binary Defense:   Oodaloop:    Bleeping Computer:   Infosecurity Magazine:   

The RegisterNew Times of India

You Might Also Read: 

Ransomware Used Against Albania Linked To Iran:
 

« British Girl’s Suicide Puts Spotlight On Social Media
EU Businesses Risk Fines For Not Complying With IoT Security Rules »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Assure Technical

Assure Technical

Assure Technical offers a holistic approach to Technical Security. Our expertise and services span across the Physical, Cyber and Counter Surveillance domains.

MSAB

MSAB

MSAB is a pioneer in forensic technology for mobile device examination.

Comiq

Comiq

Comiq provide software quality assurance, testing and project management services. Areas of expertise include cybersecurity.

Holm Security

Holm Security

Holm Security are taking vulnerability assessment into the next generation as a cloud service.

Flashpoint

Flashpoint

Flashpoint is a globally trusted leader in risk intelligence for organizations that demand the fastest, most comprehensive coverage of threatening activity on the internet.

Communications Security Establishment (CSE)

Communications Security Establishment (CSE)

CSE is Canada's national cryptologic agency, providing the Government of Canada with IT Security and foreign signals intelligence (SIGINT) services.

ERPScan

ERPScan

ERPScan’s primary mission is to provide Smart solutions to assess and protect ERP systems and business-critical applications from both cyber-attacks and internal fraud.

IOTA Foundation

IOTA Foundation

The IOTA Foundation is a non-profit R&D organisation focused on developing the next generation of protocols for the connected world.

sayTEC

sayTEC

sayTEC's mission is to develop and deliver next-generation products and services in encrypted data and voice transmission.

Swiss Cyber Think Tank (SCTT)

Swiss Cyber Think Tank (SCTT)

The Swiss Cyber Think Tank is a business network for Cyber Risk & Insurability, providing an industry-wide networking platform for insurers, technology and security firms.

Secure Access Technologies (SAT)

Secure Access Technologies (SAT)

SAT provides a security solution that’s ready to replace passwords with adaptive multi-factor authentication.

M2MD Technologies

M2MD Technologies

M2MD Technologies offers solutions optimized for cellular IoT that provide stronger security, reduced costs, enhanced user experience, and ultimately generates higher returns for stakeholders.

Glocomp Systems

Glocomp Systems

Glocomp Systems is one of Malaysia’s premier ICT infrastructure distributor offering a comprehensive portfolio of solutions including cybersecurity and privacy.

RedLegg

RedLegg

RedLegg is a master provider of information security services, a boutique, nimble, old-fashioned customer service company that enjoys the technology battlefield.

PhishProtection

PhishProtection

We created Phish Protection to prevent all types of phishing including spear phishing protection and office 365 email protection for your small business.

Menaya

Menaya

Menaya provide Ethical Hackers for leading companies while also providing cyber security solutions to help major infrastructures protect against cyber crime.