Category Archives: Phosphorous

Analysis of well-known Iranian hacking group points to more purely financial attacks

Posted on by

The government-linked hacking activity is both an intel-gathering effort as well as a money maker, researchers say.

The post Analysis of well-known Iranian hacking group points to more purely financial attacks appeared first on CyberScoop.

Continue reading Analysis of well-known Iranian hacking group points to more purely financial attacks

Nation-state hackers aim to exploit Log4j software flaw, Microsoft warns

Posted on by

Hackers associated with the governments of China, Iran, North Korea and Turkey have been trying to find ways to leverage the Apache Log4j vulnerability, Microsoft’s Threat Intelligence Team said Tuesday. The notice came the same day a top U.S. government cyber official said that the Cybersecurity and Infrastructure Security Agency hasn’t seen any U.S. federal agencies targeted with the exploit, but that the government is still fearful of attacks. Hundreds of millions of devices are potentially at risk, an agency official previously said. Microsoft’s notice said its analysts had observed “multiple” known state-associated hacking groups working with the vulnerability, with activity ranging from experimentation to integration in active campaigns to exploitation of targets. The flaw is so severe, computer security specialists have warned, that a successful attack could result in the takeover of an affected system. An Iranian group Microsoft calls “Phosphorus” — known alternatively as “Charming Kitten” — that […]

The post Nation-state hackers aim to exploit Log4j software flaw, Microsoft warns appeared first on CyberScoop.

Continue reading Nation-state hackers aim to exploit Log4j software flaw, Microsoft warns

Iran-linked spies used Christmas as cover for spearphishing, researchers say

Posted on by

A cyber-espionage group linked to the Iranian government timed a mobile phishing campaign with the Christmas holidays, using email and text messages to target individuals at think tanks, universities and elsewhere, according to new research. Known as Charming Kitten, APT35 or Phosphorous, the group sent fake text messages from “Google Account Recovery” and fake emails with Christmas content, reports the cybersecurity organization CERFTA, which specializes in Iran-related research. The goal was to use malicious web pages to capture login credentials and “steal sensitive data from their victims,” CERTFA said. “The group started the new round of attacks at a time when most companies, offices, organizations, etc. were either closed or half-closed during Christmas holidays and, as a result, their technical support and IT departments were not able to immediately review, identify, and neutralize these cyber incidents,” CERTFA says. “Charming Kitten has taken full advantage of this timing to execute its […]

The post Iran-linked spies used Christmas as cover for spearphishing, researchers say appeared first on CyberScoop.

Continue reading Iran-linked spies used Christmas as cover for spearphishing, researchers say

Munich Security Conference attendees targeted with Iran-linked spearphishing, Microsoft says

Posted on by

Iranian government-linked hackers have been sending spearphishing emails to large swaths of high-profile potential attendees of upcoming the Munich Security Conference as well as the Think 20 Summit in Saudi Arabia, according to Microsoft research. The Iranian attackers, known as Phosphorous, have disguised themselves as conference organizers and have sent fake invitations containing PDF documents with malicious links to over 100 possible invitees of the conferences, both of which are prominent summits dedicated to international security and policies of the world’s largest economies, respectively. In some cases the attackers have been successful in guiding some victims to those links, which lead victims to credential-harvesting pages, Tom Burt, corporate vice president of Microsoft Security and Trust announced in blog published Wednesday morning. “We believe Phosphorus is engaging in these attacks for intelligence collection purposes,” Burt wrote in the blog. “The attacks were successful in compromising several victims, including former ambassadors and other senior policy experts who help shape […]

The post Munich Security Conference attendees targeted with Iran-linked spearphishing, Microsoft says appeared first on CyberScoop.

Continue reading Munich Security Conference attendees targeted with Iran-linked spearphishing, Microsoft says

Microsoft Warns of Cyberattacks on Trump, Biden Election Campaigns

Posted on by

Just months before the U.S. presidential election, hackers from Russia, China and Iran are ramping up phishing and malware attacks against campaign staffers. Continue reading Microsoft Warns of Cyberattacks on Trump, Biden Election Campaigns

Charming Kitten Uses Fake Interview Requests to Target Public Figures

Posted on by

APT group poses as a former Wall Street Journal journalist to launch phishing campaigns and steal victim email account details. Continue reading Charming Kitten Uses Fake Interview Requests to Target Public Figures

FBI Plans to Inform States of Election Breaches

Posted on by

The agency changed its policy to provide more timely and actionable information to state and local election officials in the case of a cybersecurity breach to election infrastructure. Continue reading FBI Plans to Inform States of Election Breaches