Iranian government-backed hackers target critical infrastructure with ransomware, US says

U.S., U.K. and Australian cyber agencies on Wednesday accused Iranian government-sponsored hacking groups of exploiting Microsoft and Fortinet vulnerabilities this year in a bid to deploy ransomware against critical infrastructure. The hackers are interested in taking advantage of known software flaws where they can, the agencies said. The FBI and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency in March, May and June saw Iranian “advanced persistent threat” groups capitalizing on Fortinet vulnerabilities, in one case for a server associated with a U.S. municipal government and in another involving networks associated with a U.S.-based hospital focused on children’s care. In October the hackers relied on a Microsoft Exchange ProxyShell vulnerability “to gain initial access to systems in advance of follow-on operations,” the subject of another recent CISA alert. “The Iranian government-sponsored APT actors are actively targeting a broad range of victims across multiple U.S. critical infrastructure sectors, including […]

The post Iranian government-backed hackers target critical infrastructure with ransomware, US says appeared first on CyberScoop.

Iran-linked spies used Christmas as cover for spearphishing, researchers say

A cyber-espionage group linked to the Iranian government timed a mobile phishing campaign with the Christmas holidays, using email and text messages to target individuals at think tanks, universities and elsewhere, according to new research. Known as Charming Kitten, APT35 or Phosphorus, the group sent fake text messages from “Google Account Recovery” and fake emails with Christmas content, reports the cybersecurity organization CERTFA, which specializes in Iran-related research. The goal was to use malicious web pages to capture login credentials and “steal sensitive data from their victims,” CERTFA said. “The group started the new round of attacks at a time when most companies, offices, organizations, etc. were either closed or half-closed during Christmas holidays and, as a result, their technical support and IT departments were not able to immediately review, identify, and neutralize these cyber incidents,” CERTFA says. “Charming Kitten has taken full advantage of this timing to execute its […]

The post Iran-linked spies used Christmas as cover for spearphishing, researchers say appeared first on CyberScoop.

Munich Security Conference attendees targeted with Iran-linked spearphishing, Microsoft says

Iranian government-linked hackers have been sending spearphishing emails to large swaths of high-profile potential attendees of the upcoming Munich Security Conference as well as the Think 20 Summit in Saudi Arabia, according to Microsoft research. The Iranian attackers, known as Phosphorus, have disguised themselves as conference organizers and have sent fake invitations containing PDF documents with malicious links to over 100 possible invitees of the conferences, both of which are prominent summits dedicated to international security and policies of the world’s largest economies, respectively. In some cases the attackers have been successful in guiding some victims to those links, which lead victims to credential-harvesting pages, Tom Burt, corporate vice president of Microsoft Security and Trust, announced in a blog published Wednesday morning. “We believe Phosphorus is engaging in these attacks for intelligence collection purposes,” Burt wrote in the blog. “The attacks were successful in compromising several victims, including former ambassadors and other senior policy experts who help shape […]

The post Munich Security Conference attendees targeted with Iran-linked spearphishing, Microsoft says appeared first on CyberScoop.

Russia, China, Iran Meddle in 2020 Election (Unsurprisingly)

It comes as no surprise to hear that Russia is up to its old tricks. China and Iran are also in on the game.
The post Russia, China, Iran Meddle in 2020 Election (Unsurprisingly) appeared first on Security Boulevard.

40GB of leaked videos expose how Iranian hackers hijack email accounts

By Deeba Ahmed
The trove of videos showing how Iranian hackers function was identified…
This is a post from HackRead.com. Read the original post: 40GB of leaked videos expose how Iranian hackers hijack email accounts

Trump, Biden Campaign Staffers Targeted By APT Phishing Emails

Google TAG researchers warn that APTs are targeting campaign staffers for both Donald Trump and Joe Biden with phishing emails.

Group rumored to be behind campaign hack also going after cybersecurity researchers

An Iran-linked hacking group that targeted a U.S. presidential campaign has also been trying to breach the cybersecurity analysts who have outed the hacking efforts, new research shows. The hackers recently sent researchers at Israeli company ClearSky Cyber Security malware-laced emails purporting to be from an antivirus company, according to Ohad Zaidenberg, the company’s senior cyber intelligence researcher. The hacking group, which analysts say works in support of Iranian interests, also set up a phishing website mimicking that of ClearSky and a web-mail page “built to attack our clients,” Zaidenberg told CyberScoop. While ClearSky did not elaborate on the attempted breaches of the company, the episode highlights the lengths to which the group might go to try to infiltrate the cybersecurity specialists who track them. And it is just the latest activity in what has been a busy few months for the Iranian computer operatives, known to researchers as Charming Kitten, […]

The post Group rumored to be behind campaign hack also going after cybersecurity researchers appeared first on CyberScoop.

Microsoft Hurts Charming Kitten (aka the APT35 Iran Hacking Group)

Microsoft has damaged a hacking group thought to be run by the Iranian military. APT35—also known as Charming Kitten, Ajax, and Phosphorus—has now lost control of 99 internet domains it was using in spear-phishing attacks on journalists and activists…

Microsoft uses court order to shut down APT35 websites

Microsoft has used a court order to wrest control of 99 websites from suspected Iranian hackers that were using them to conduct cyberattacks, court documents unsealed Wednesday show. The tech giant last week took down websites that were “core to [the] operations” of an Iranian hacking group known as APT35 or Phosphorus, Tom Burt, a Microsoft vice president, wrote in a blog post. APT35, also known as Charming Kitten, used spoofed websites of well-known companies, including Microsoft and Yahoo, to conduct their malicious activity, he said. But the court order will force the group to recreate some of that infrastructure. The hackers have sought to steal sensitive information from businesses and government agencies, Burt wrote, though he did not specify the targets by name. APT35 also has a penchant for targeting journalists and activists who focus on Iran. Multiple years of tracking the group allowed Microsoft to build a “decisive legal […]

The post Microsoft uses court order to shut down APT35 websites appeared first on CyberScoop.
