Iranian-backed group steps up phishing campaigns against Israel, U.S.

Aug. 26, 2024, 1:06 p.m.

Description

An Iranian government-backed threat group known as APT42 has significantly intensified its phishing campaigns targeting high-profile individuals in Israel and the United States over the past six months. The group, associated with Iran's Islamic Revolutionary Guard Corps, has focused on current and former government officials, political campaigns, diplomats, think tanks, NGOs, and academic institutions involved in foreign policy discussions. APT42's activities demonstrate a concerted effort to rapidly shift its operational priorities in line with Iran's political and military objectives.

Date

  • Created: Aug. 26, 2024, 12:43 p.m.
  • Published: Aug. 26, 2024, 12:43 p.m.
  • Modified: Aug. 26, 2024, 1:06 p.m.

Indicators


Attack Patterns

  • DWP
  • YCollection
  • GCollection
  • LCollection
  • APT42

Additional Information

  • Israel
  • United States of America