Iranian Hacking Group Deploys Customised Spyware

An Iran-based Hacking cyber espionage group is believed to be behind a series of cyber attacks on organisations and individuals opposed to the Iranian government, going as far back as 2015. 

The Iranian state-sponsored hacking group known as APT42 has been discovered using a custom Android malware to spy on targets of interest.

APT42 is a state-sponsored threat actor who conducts cyberespionage against individuals and organisations that hold a particular interest to the Iranian government.

The primary goal of the group appears to be intelligence collection. Their activity typically starts with spear-phishing campaigns directed against prominent individuals, or colleagues near them. The group has also been seen deploying Android malware via smishing campaigns, which allow them to track the location of their victims, read their messages and record their phone calls, amongst other actions. 

Now, the cyber security firm Mandiant has released information on APT42.  Mandiant says that the group functions as the cyber arm of Iran's Islamic Revolutionary Guard Corps (IRGC) and claims to have found at least 30 victims of APT42. The actual count is likely much higher, given the group’s “high operational tempo” and the lack of visibility stemming from its targeting of personal email accounts. 

The group is allegedly using custom Android malware to spy on targets. Mandiant is understood to have collected enough evidence to prove that the group is separate from other previously identified groups. 

APT42’s activity spans back several years and includes spear-phishing campaigns that lasted several months and targeted government officials, policymakers, journalists, academics, and Iranian dissidents. The group switched targets multiple times to match changing intelligence-collection interests. For example, in 2020, APT42 used phishing emails impersonating an Oxford University vaccine laboratory to target foreign pharmaceuticals.

The hackers aim to steal account credentials, access device storage, extract communication data, and track victims, according to Mandiant. The custom Android malware strain it deploys is capable of all of these malicious activities.

More recently, in February 2022, the hackers impersonated a British news agency to target political science professors in Belgium and the United Arab Emirates. In most cases, the hackers aimed at credential harvesting by directing their victims to phishing pages made to appear as legitimate login portals.

Mandiant:     Binary Defense:   Oodaloop:    Bleeping Computer:   Infosecurity Magazine:   

The RegisterNew Times of India

You Might Also Read: 

Ransomware Used Against Albania Linked To Iran:
 

« British Girl’s Suicide Puts Spotlight On Social Media
EU Businesses Risk Fines For Not Complying With IoT Security Rules »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

Veracode

Veracode

Veracode delivers the most widely used cloud-based platform for securing web, mobile, legacy and third-party enterprise applications.

Secret Double Octopus

Secret Double Octopus

Secret Double Octopus offers the world’s only keyless multi-shield authentication technology for users and things.

MedCrypt

MedCrypt

MedCrypt are a team of medical device experts focused on bringing modern cybersecurity features to the next generation of healthcare technology.

Encore Media Group

Encore Media Group

Encore Media Group provide an international enterprise technology event series exploring IoT, Blockchain AI, Big Data, 5G, Cyber Security and Cloud.

Cambridge Cybercrime Centre

Cambridge Cybercrime Centre

The Cambridge Cybercrime Centre is a multi-disciplinary initiative combining expertise from the Department of Computer Science and Technology, Institute of Criminology and Faculty of Law.

AttackIQ

AttackIQ

AttackIQ delivers continuous validation of your enterprise security program so you can strengthen your security posture and your response capabilities.

Constella Intelligence

Constella Intelligence

Constella Intelligence provides digital risk protection services to quickly and efficiently disrupt cyber attacks and data breaches before they occur.

Dazz

Dazz

Dazz is the cloud security remediation platform for smart security and development teams.

Feroot Security

Feroot Security

Feroot Security secures client-side web applications so that businesses can deliver a flawless user experience to their customers. Our products help organizations protect their client-side surface.

Raiven Capital

Raiven Capital

Raiven Capital is a global early-stage technology venture capital fund. We focus on founder-led, driven companies on the leading edge of disruption.

Apex Systems

Apex Systems

Apex Systems is a world-class technology services business that incorporates industry insights and experience to deliver solutions that fulfill our clients’ digital visions.

RAND Corporation

RAND Corporation

The RAND Corporation is a non-profit institution that helps improve policy and decision making through research and analysis.

Insight Enterprises

Insight Enterprises

Insight is a leading solutions integrator, helping you navigate today’s ever-changing business environment with teams of technical experts and decades of industry experience.

Fulcrum IT Partners

Fulcrum IT Partners

Fulcrum IT Partners is the parent company of an expanding portfolio of established IT solution companies around the world with proven expertise in cyber security, cloud, and managed services.

Neqst

Neqst

Neqst is an investment firm specialising in profitable growth companies within the Nordic software and IT-services sectors.

NSI Global

NSI Global

NSI Global is a specialist Global Risk and Intelligence Advisory Firm. We specialise in Risk Consulting, Security Intelligence, Geopolitical Intelligence, Cyber Security, Digital Forensics, and TSCM.