
Iranian Cyber Actors Targeting Personal Accounts to Support Operations

Sept. 30, 2024, 10:52 a.m.

Description

Cyber actors working on behalf of Iran's Islamic Revolutionary Guard Corps (IRGC) are targeting individuals connected to Iranian and Middle Eastern affairs, including government officials, think tank personnel, journalists, activists, and lobbyists. They use social engineering, impersonating known contacts or email providers, to gain access to personal and business accounts. The actors build rapport over several messages before sending a malicious link that leads to a credential-harvesting page. Targets may then be prompted to enter two-factor authentication codes or to approve authentication prompts pushed to their phones, which lets the actors complete a login even when MFA is enabled. Recent activity has also focused on persons associated with US political campaigns. The actors tailor lures to the target's interests, such as interview requests, conference invitations, or foreign policy discussions. Post-compromise indicators include logins from unexpected locations or devices, newly created message forwarding rules, and bulk download or exfiltration of messages.
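The forwarding-rule indicator above is the one most often visible in mailbox audit logs. The following is an added example, not part of the advisory, that hunts for inbox rules and mailbox settings which forward mail to external addresses and then hide the evidence. It assumes records shaped like a Microsoft 365 Unified Audit Log export (Operation, UserId, ClientIP, and a Parameters list of Name/Value pairs); those field names, the internal domain example.org, and the sample records are all constructed for the example and should be adjusted to your own export.

```python
"""Hunt audit-log records for mailbox rules that forward mail outside the organisation.

Added example (not from the advisory). Record shape is assumed to follow a
Microsoft 365 Unified Audit Log export; adjust field names for other sources.
"""
import re
from typing import Iterable, List, Optional

# Domains we own: forwarding to these is treated as benign (assumption for the example).
INTERNAL_DOMAINS = {"example.org"}

# Operations that create or change mail-routing behaviour.
RULE_OPERATIONS = {"New-InboxRule", "Set-InboxRule", "Set-Mailbox"}

# Parameters that send a copy of mail somewhere else ...
EXFIL_PARAMS = {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo",
                "ForwardingSmtpAddress", "ForwardingAddress"}
# ... and parameters that make the diversion hard for the victim to notice.
HIDE_PARAMS = {"DeleteMessage", "MarkAsRead", "MoveToFolder"}

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9.-]+\.[A-Za-z]{2,})")


def external_recipients(value: str) -> List[str]:
    """Return every e-mail address in a parameter value whose domain is not ours."""
    return [m.group(0).lower() for m in EMAIL_RE.finditer(value)
            if m.group(1).lower() not in INTERNAL_DOMAINS]


def evaluate(record: dict) -> Optional[dict]:
    """Return a finding for a record that forwards mail externally, else None."""
    op = record.get("Operation")
    if op not in RULE_OPERATIONS:
        return None
    params = {p["Name"]: str(p.get("Value", "")) for p in record.get("Parameters", [])}

    targets = sorted({addr for name in EXFIL_PARAMS & params.keys()
                      for addr in external_recipients(params[name])})
    if not targets:
        return None

    reasons = ["forwards to external recipient(s): " + ", ".join(targets)]
    hiding = sorted(n for n in HIDE_PARAMS & params.keys()
                    if params[n].strip().lower() not in ("", "false"))
    if hiding:
        reasons.append("hides diverted mail: " + ", ".join(hiding))
    if params.get("DeliverToMailboxAndForward", "").strip().lower() == "false":
        reasons.append("no copy is kept in the mailbox")
    # Rules named "." or "," are a common tradecraft pattern for low-visibility rules.
    if op != "Set-Mailbox" and not params.get("Name", "").strip(" .,-_"):
        reasons.append("rule name is empty or punctuation only")

    return {
        "user": record.get("UserId"),
        "ip": record.get("ClientIP"),
        "operation": op,
        "targets": targets,
        "reasons": reasons,
        "severity": "high" if len(reasons) > 1 else "medium",
    }


def hunt(records: Iterable[dict]) -> List[dict]:
    """Evaluate every record and return the findings in log order."""
    return [f for f in (evaluate(r) for r in records) if f is not None]


# Constructed sample records for the example (not real audit data).
SAMPLE_RECORDS = [
    {"Operation": "New-InboxRule", "UserId": "alice@example.org", "ClientIP": "203.0.113.10",
     "Parameters": [{"Name": "Name", "Value": "."},
                    {"Name": "ForwardTo", "Value": "collector@example.net"},
                    {"Name": "DeleteMessage", "Value": "True"}]},
    {"Operation": "Set-Mailbox", "UserId": "bob@example.org", "ClientIP": "10.0.0.8",
     "Parameters": [{"Name": "Identity", "Value": "bob"},
                    {"Name": "ForwardingSmtpAddress", "Value": "smtp:bob.backup@example.org"}]},
    {"Operation": "New-InboxRule", "UserId": "carol@example.org", "ClientIP": "10.0.0.9",
     "Parameters": [{"Name": "Name", "Value": "Vendor invoices"},
                    {"Name": "MoveToFolder", "Value": "Invoices"}]},
    {"Operation": "Set-Mailbox", "UserId": "dave@example.org", "ClientIP": "198.51.100.7",
     "Parameters": [{"Name": "Identity", "Value": "dave"},
                    {"Name": "ForwardingSmtpAddress", "Value": "smtp:dave.personal@example.net"}]},
]

if __name__ == "__main__":
    for finding in hunt(SAMPLE_RECORDS):
        print(finding["severity"].upper(), finding["user"], finding["ip"], "|", "; ".join(finding["reasons"]))
```

Pair a hit with the login indicators from the same period (sign-in from an unfamiliar country or device shortly before the rule was created) before treating it as confirmed compromise; a user legitimately forwarding to a personal address produces the same medium-severity finding.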

Date

Published: Sept. 30, 2024, 10:45 a.m.

Created: Sept. 30, 2024, 10:45 a.m.

Modified: Sept. 30, 2024, 10:52 a.m.

Indicators

covid19questionnaire.freesite.vip

verificationservice.online

uani.us

tinyurl.live

tinyurl.ink

tinyurl.co.il

summit-files.com

sharefilesonline.live

shared-files-access.live

safeshortl.ink

redirect-drive.online

qmaiil.ml

on-dr.com

myconnect-support.com

mofa-ic.ae

mfa-ic.ae

mailerdaemon.info

mailer-support.online

mailer-daemon.site

mailer-daemon.org

mailer-daemon.online

mailer-daemon.net

mailer-daemon.me

mailer-daemon.live

mailer-daemon-message.co

lst-accurate.com

lovetoflight.com

gm-sup.com

linkauthenticator.online

gl-sup.online

gettogether.quest

gdrive-files.com

g-shorturl.com

freshconnect.live

freahman.online

filetransfer.club

email-protection.online

file-access.com

dr-sup.live

dreamycareer.com

doctransfer.online

docfileview.org

discovery-protocol.ml

direct-access.info

de-ma.online

daemon-mailer.com

cutly.vip

cutly.biz

css-ethz.ch

continuetogo.me

bytli.us

boom-boom.ga

atlantic-council.com

accurateprivacy.online

accunt-loqin.ml

accessverification.online

accesscheckout.online

3dconfirrnation.com

3dauth.live

youtransfer.live

washingtonlnstitute.org

mailer-daemon.us

litby.us

email-daemon.site

bitly.org.il
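Several of the domains above imitate legitimate services (tinyurl.live, bitly.org.il, the mailer-daemon family, atlantic-council.com, washingtonlnstitute.org with an "l" in place of the "i"), so a naive substring search will either miss them or fire on the genuine site. The following is an added example, not part of the advisory, that matches the indicator list against proxy-log lines on exact registrable-domain or subdomain boundaries and also catches the trick of placing a trusted hostname in the userinfo part of a URL. The log format and the log lines are constructed for the example.

```python
"""Match the advisory's domain indicators against proxy-style log lines.

Added example (not from the advisory). Log format and sample lines are constructed.
"""
import re
from typing import Dict, Iterable, List, Optional, Set
from urllib.parse import urlsplit

# The 65 domains listed in the advisory, transcribed verbatim.
IOC_TEXT = """
covid19questionnaire.freesite.vip verificationservice.online uani.us tinyurl.live
tinyurl.ink tinyurl.co.il summit-files.com sharefilesonline.live shared-files-access.live
safeshortl.ink redirect-drive.online qmaiil.ml on-dr.com myconnect-support.com
mofa-ic.ae mfa-ic.ae mailerdaemon.info mailer-support.online mailer-daemon.site
mailer-daemon.org mailer-daemon.online mailer-daemon.net mailer-daemon.me
mailer-daemon.live mailer-daemon-message.co lst-accurate.com lovetoflight.com
gm-sup.com linkauthenticator.online gl-sup.online gettogether.quest gdrive-files.com
g-shorturl.com freshconnect.live freahman.online filetransfer.club
email-protection.online file-access.com dr-sup.live dreamycareer.com
doctransfer.online docfileview.org discovery-protocol.ml direct-access.info
de-ma.online daemon-mailer.com cutly.vip cutly.biz css-ethz.ch continuetogo.me
bytli.us boom-boom.ga atlantic-council.com accurateprivacy.online accunt-loqin.ml
accessverification.online accesscheckout.online 3dconfirrnation.com 3dauth.live
youtransfer.live washingtonlnstitute.org mailer-daemon.us litby.us
email-daemon.site bitly.org.il
"""
IOC_DOMAINS = frozenset(d.lower() for d in IOC_TEXT.split())

URL_RE = re.compile(r"https?://[^\s\"'<>]+")
# Host-only fields some proxies emit (field names are an assumption for the example).
HOST_FIELD_RE = re.compile(r"\b(?:host|dest_host|dhost|url_host)=([A-Za-z0-9.-]+)")


def matching_ioc(host: str) -> Optional[str]:
    """Return the indicator that equals `host` or is a parent domain of it, else None.

    Comparison is on whole DNS labels, so tinyurl.com never matches tinyurl.live
    and notmailer-daemon.net never matches mailer-daemon.net.
    """
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):          # never test a bare TLD
        candidate = ".".join(labels[i:])
        if candidate in IOC_DOMAINS:
            return candidate
    return None


def hosts_in_line(line: str) -> Set[str]:
    """Collect every hostname referenced by a log line."""
    hosts: Set[str] = set()
    for url in URL_RE.findall(line):
        # urlsplit().hostname drops userinfo, so https://drive.google.com@evil.example/
        # yields evil.example rather than the decoy name in front of the "@".
        host = urlsplit(url).hostname
        if host:
            hosts.add(host)
    hosts.update(m.group(1) for m in HOST_FIELD_RE.finditer(line))
    return hosts


def scan(lines: Iterable[str]) -> List[Dict[str, object]]:
    """Return one hit per (line, host) that matches an indicator."""
    hits: List[Dict[str, object]] = []
    for number, line in enumerate(lines, 1):
        for host in sorted(hosts_in_line(line)):
            ioc = matching_ioc(host)
            if ioc:
                hits.append({"line": number, "host": host, "ioc": ioc})
    return hits


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "2024-09-12T08:14:03Z src=10.20.0.14 user=jdoe url=https://drive.google.com/file/d/abc status=200",
    "2024-09-12T08:15:41Z src=10.20.0.14 user=jdoe url=https://drive.google.com@redirect-drive.online/open?id=agenda status=302",
    "2024-09-12T08:15:42Z src=10.20.0.14 user=jdoe url=https://files.sharefilesonline.live/d/agenda.pdf status=200",
    "2024-09-12T09:02:10Z src=10.20.0.31 user=asmith url=https://tinyurl.com/2abcdef status=301",
    "2024-09-12T09:02:11Z src=10.20.0.31 user=asmith url=https://tinyurl.live/2abcdef status=200",
    "2024-09-12T09:40:00Z src=10.20.0.31 user=asmith dest_host=notmailer-daemon.net status=200",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"line {hit['line']}: {hit['host']} matches indicator {hit['ioc']}")
```

Lines 2, 3 and 5 of the sample produce hits; the tinyurl.com and notmailer-daemon.net lines do not, which is the behaviour a substring grep would get wrong in both directions. Indicator lists like this one age quickly, so treat a hit as a pivot point for the login and forwarding-rule checks described above rather than as the only detection.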

Attack Patterns

Islamic Revolutionary Guard Corps (IRGC)

T1585 Establish Accounts

T1589 Gather Victim Identity Information

T1586 Compromise Accounts

T1534 Internal Spearphishing

T1136 Create Account

T1531 Account Access Removal

T1114 Email Collection

T1598 Phishing for Information

T1584 Compromise Infrastructure

T1566 Phishing

T1078 Valid Accounts

Additional Information

Media

NGO

Government

United Kingdom of Great Britain and Northern Ireland

United States of America