1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • State-backed Iranian hackers spread malware through links to fake

    From TechnologyDaily@1337:1/100 to All on Thu Sep 8 16:30:03 2022
    State-backed Iranian hackers spread malware through links to fake VPN apps

    Date:
    Thu, 08 Sep 2022 15:13:13 +0000

    Description:
    Cybersecurity firm Mandiant found evidence of attacks targeting "the enemies of the Iranian state" since 2015

    FULL STORY ======================================================================

    A highly resourceful Iranian state-backed hacker group uses malicious links
    to VPN apps sent via SMS texts to inject spyware, a cybersecurity firm reports.

    Mandiant found evidence that APT42 (advanced persistent threat) has been conducting such attacks against what they described as "the enemies of the Iranian state" since 2015, with the goal of harvesting sensitive data and spying on victims.

    They also claim with "moderate confidence" that the group is aligned with the Islamic Revolutionary Guard Corps Intelligence (IRGC-IO), who Washington designates as a terrorist organization.

    This malware is not just spread hidden behind the reputation of some of the best VPN services, though. Well-crafted phishing emails, mischievous webpages to free messaging apps and adult-only sites have also been employed. Mobile malware to pose worrying real-world risks

    As Mandiant reports : "The use of Android malware to target individuals of interest to the Iranian government provides APT42 with a productive method of obtaining sensitive information on targets, including movement, contacts, and personal information.

    "The group's proven ability to record phone calls, activate the microphone
    and record the audio, exfiltrate images and take pictures on command, read
    SMS messages, and track the victim's GPS location in real-time poses a real-world risk to individual victims of this campaign."

    Researchers observed over 30 confirmed operations across 14 countries worldwide so far, spanning its seven years of activity. However, they believe the total number to be much larger than that.

    Western think tanks, researchers, journalists, current Western government officials, former Iranian government officials, dissidents and the Iranian diaspora abroad have all been amongst the victims of such attacks. Mandiant
    is releasing details on Iranian actor APT42 today. They are carrying out a campaign against the enemies of the Iranian state. We believe they are linked to the IRGC. This is entirely separate from the Albania shenanigans. 1/x https://t.co/d4gyQQc88e September 7, 2022 See more Data harvesting and surveillance operations

    APT42's campaigns have two main goals: gathering targets' sensitive data like personal email credentials, multi-factor authentication codes and private communication records, while tracking victims' location data to carry on
    major surveillance operations .

    The group's cunning playbook is gaining the trust of targets, engaging in conversation that can even last several weeks before finally sending the phishing email. In an instance, hackers pretended to be journalists working for a famous US media outlet for 37 days before launching the attack. Read more

    Free Chinese VPN exposed millions of users' data



    Are VPNs really safe? How to check your service's security



    Our pick of the most secure VPN providers around right now

    In the case of mobile malware, APT42 have been successfully targeting
    internet users that were looking for circumventing tools to bypass the strict government restrictions. And, being that over 80% of Iranians uses such software to escape online censorship, citizens' safety seems never been so at stake.

    The Mandiant report further pointed out how the group - believed to be also linked to the infamous APT35 that last year managed to infiltrate Play Store with fake VPN apps - has been proficient at quickly shaping its strategies
    and targets to align with Iran's domestic and geopolitical interests.

    "We assess with high confidence that APT42 will continue to perform cyber espionage and surveillance operations aligned with evolving Iranian operational intelligence collection requirements."



    ======================================================================
    Link to news story: https://www.techradar.com/news/state-backed-iranian-hackers-spread-malware-thr ough-links-to-fake-vpn-apps/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)