Iranian Cyber Actors Targeting Personal Accounts to Support Operations
Sept. 30, 2024, 10:52 a.m.
Description
Cyber actors working for Iran's Islamic Revolutionary Guard Corps (IRGC) are targeting individuals connected to Iranian and Middle Eastern affairs, including government officials, think tank personnel, journalists, activists, and lobbyists. They use social engineering techniques, impersonating contacts or email providers to gain access to personal and business accounts. The actors attempt to build rapport before sending malicious links to capture credentials. Targets may be prompted to provide two-factor authentication codes or interact with phone notifications. Recent activity has also focused on persons associated with US political campaigns. The cyber actors tailor their approach to include areas relevant to the target, such as interview requests, conference invitations, or foreign policy discussions. Indicators of compromise include suspicious logins, creation of message forwarding rules, and exfiltration of messages.
Date
| Published | Created | Modified |
|---|---|---|
| Sept. 30, 2024, 10:45 a.m. | Sept. 30, 2024, 10:45 a.m. | Sept. 30, 2024, 10:52 a.m. |
Attack Patterns
Islamic Revolutionary Guard Corps (IRGC)
T1585
T1589
T1586
T1534
T1136
T1531
T1114
T1598
T1584
T1566
T1078
Additional Information
Media
NGO
Government
United Kingdom of Great Britain and Northern Ireland
United States of America