US Charges 3 Iranians Over Presidential Campaign Hacking

September 30, 2024 at 08:00AM The US announced charges, sanctions, and rewards in response to Iranian hacking operations targeting the 2024 election. Iran’s cyber campaign targeted the Biden, Trump, and Harris campaigns, offering stolen information to the Biden campaign. Charges were announced against 3 employees of Iran’s IRGC, with the State Department offering a $10 …

Iran hunts down double agents with fake recruiting sites, Mandiant reckons

August 30, 2024 at 12:31AM Iranian government-backed actors were reportedly using fake recruiting websites and social media accounts to target Farsi speakers suspected of collaborating with Iran’s enemies, including Israel. Google’s Mandiant team uncovered the operation, linking it to Iran’s regime and cyber unit APT42. The campaign’s purpose was to gather personal information and potentially …

Meta Exposes Iranian Hacker Group Targeting Global Political Figures on WhatsApp

August 24, 2024 at 03:42AM Meta Platforms recently disclosed activities of an Iranian state-sponsored threat actor using WhatsApp accounts to target individuals in Israel, Palestine, Iran, the U.K., and the U.S., particularly political and diplomatic officials. The accounts, attributed to APT42, are associated with Iran’s Islamic Revolutionary Guard Corps. The U.S. government formally accused Iran …

Are 2024 US Political Campaigns Prepared for the Coming Cyber Threats?

August 16, 2024 at 01:54PM Cyber threats to the 2024 US elections have recently surged, posing a significant risk. Incidents include a Telegram bot targeting Democratic party credentials, false accusations involving AI, and phishing emails sent to presidential campaigns. Campaigns face similar security risks to other organizations, but new finance rules allow for external cybersecurity …

Google raps Iran’s APT42 for raining down spear-phishing attacks

August 15, 2024 at 12:30PM Google confirmed Iranian cyber influence activity targeting US political figures, including Trump, Biden, and Harris, with phishing tactics and social engineering. APT42, part of the Iranian Revolutionary Guard Corps, used “Cluster C” phishing activity and Bitly links to target officials. Similar attacks were observed on Israeli officials, themed around the …

Google Disrupts Iranian Hacking Activity Targeting US Presidential Election

August 15, 2024 at 09:21AM Google has disrupted an Iranian state-sponsored hacking campaign targeting individuals linked to the US elections. The campaign, attributed to APT42, targeted personal email accounts of former US officials and affiliates of President Biden and former President Trump. Google has proactively referred the activity to law enforcement and observed the use …

APT42 Hackers Pose as Journalists to Harvest Credentials and Access Cloud Data

May 7, 2024 at 09:57AM Iranian state-backed hacking group APT42 utilizes advanced social engineering tactics to breach target networks and cloud environments. The group impersonates journalists and event organizers to gain trust and steal credentials, operating as part of the larger APT35 group. Their operations involve extensive credential harvesting and data exfiltration while evading detection. …

Iranian Cyberspies Hit Targets With New Backdoors

May 6, 2024 at 09:15AM Iran’s state-sponsored cyberespionage group APT42, also known as Calanque and UNC788, has been using new backdoors to target NGOs, government, and intergovernmental organizations. The group, operating since at least 2015 and believed to be linked to the Islamic Revolutionary Guard Corps, uses social engineering to target academia, activists, media organizations, …

Iran-Backed Charming Kitten Stages Fake Webinar Platform to Ensnare Targets

February 22, 2024 at 10:21AM State-sponsored cyber operations are increasingly targeting policy experts in the Middle East and Ukraine. Charming Kitten/CharmingCypress, an Iran-linked group, employs social engineering tactics and malware to compromise targets. Other groups, such as ColdRiver and Jordan-based actors, have also used similar methods to target experts. Volexity advises experts to be vigilant …