Iranian Hacking Group Deploys Customised Spyware

Uploaded on 2022-10-04 in INTELLIGENCE-Hot Spots-Iran, FREE TO VIEW, TECHNOLOGY--Hackers

An Iran-based Hacking cyber espionage group is believed to be behind a series of cyber attacks on organisations and individuals opposed to the Iranian government, going as far back as 2015. 

The Iranian state-sponsored hacking group known as APT42 has been discovered using a custom Android malware to spy on targets of interest.

APT42 is a state-sponsored threat actor who conducts cyberespionage against individuals and organisations that hold a particular interest to the Iranian government.

The primary goal of the group appears to be intelligence collection. Their activity typically starts with spear-phishing campaigns directed against prominent individuals, or colleagues near them. The group has also been seen deploying Android malware via smishing campaigns, which allow them to track the location of their victims, read their messages and record their phone calls, amongst other actions. 

Now, the cyber security firm Mandiant has released information on APT42.  Mandiant says that the group functions as the cyber arm of Iran's Islamic Revolutionary Guard Corps (IRGC) and claims to have found at least 30 victims of APT42. The actual count is likely much higher, given the group’s “high operational tempo” and the lack of visibility stemming from its targeting of personal email accounts. 

The group is allegedly using custom Android malware to spy on targets. Mandiant is understood to have collected enough evidence to prove that the group is separate from other previously identified groups. 

APT42’s activity spans back several years and includes spear-phishing campaigns that lasted several months and targeted government officials, policymakers, journalists, academics, and Iranian dissidents. The group switched targets multiple times to match changing intelligence-collection interests. For example, in 2020, APT42 used phishing emails impersonating an Oxford University vaccine laboratory to target foreign pharmaceuticals.

The hackers aim to steal account credentials, access device storage, extract communication data, and track victims, according to Mandiant. The custom Android malware strain it deploys is capable of all of these malicious activities.

More recently, in February 2022, the hackers impersonated a British news agency to target political science professors in Belgium and the United Arab Emirates. In most cases, the hackers aimed at credential harvesting by directing their victims to phishing pages made to appear as legitimate login portals.

Mandiant:     Binary Defense:   Oodaloop:    Bleeping Computer:   Infosecurity Magazine:   

The RegisterNew Times of India

You Might Also Read: 

Ransomware Used Against Albania Linked To Iran:
 

« British Girl’s Suicide Puts Spotlight On Social Media
EU Businesses Risk Fines For Not Complying With IoT Security Rules »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

SSLGURU

SSLGURU

SSLGURU bring all of the major SSL certificate vendors to one market place in order to create the world's largest SSL store with the most competitive prices.

Falanx Cyber

Falanx Cyber

Falanx Cyber provides enterprise-class cyber security services and solutions. We deliver end-to-end cyber capabilities, either as specific engagements or as fully-managed services.

FixMeStick

FixMeStick

FixMeStick is a virus removal device, a USB key that removes malware conventional antivirus software often can’t detect.

Logz.io

Logz.io

Logz.io is an AI-powered log analysis platform that offers the open source ELK Stack as a enterprise-grade cloud service with machine learning technology.

SaferVPN

SaferVPN

SaferVPN is a Virtual Private Network services provider offering secure encrypted access to the internet.

SecurityGate

SecurityGate

SecurityGate.io is the only Integrated Risk Management platform built for OT/ICS cybersecurity.

Code Intelligence

Code Intelligence

Code Intelligence offers a platform for automated software security testing to help developers make their software more robust and secure.

Mobileum

Mobileum

Mobileum is a leading provider of Telecom analytics for roaming, security and risk management and end-to-end domestic and roaming testing solutions.

Acmetek Global Solutions

Acmetek Global Solutions

Acmetek is a Global Distributor and a Trusted Advisor of PKI /IOT & SSL Security Products and a Managed Services Company.

Telstra

Telstra

Telstra is one of the world's leading telecommunications and technology companies, offering a wider range of services from networks and cloud solutions to mobility and enterprise collaboration tools.

Private Client Cyber Security (PCCS)

Private Client Cyber Security (PCCS)

PCCS provides enterprise-grade cybersecurity consulting and services to professional practices, executives, athletes, and high net worth families.

HashDit

HashDit

HashDit products and services focus on helping build a safe ecosystem for both protocol users and smart contract developers on BNB Chain.

Fairdinkum Consulting

Fairdinkum Consulting

Fairdinkum is a leading full-service IT consulting firm with more than two decades of experience in the industry.

Epic Machines

Epic Machines

Epic Machines is a Value Added Reseller and Managed Security Services provider offering Security Transformation using Cloud-native solutions to commercial and government markets.

Antivirus Tales

Antivirus Tales

Antivirus Tales offers a platform to resolve all types of antivirus-related issues. The platform also provide various blog articles and informative guides to fix antivirus software errors.

Alchemy Security Consulting

Alchemy Security Consulting

Alchemy Security Consulting specialise in offensive and defensive cyber security. We find the weak link in your security so you can patch it up fast and avoid being hacked.