Iranian Hacker Group Posed as Journalists to Hunt Dissidents – By Patrick Hunter (Defense One) / Sept 8, 2022
Group spent weeks trying to fool specific targets with intricate appeals—including U.S. campaign staff.
A hacker group likely linked to Iran’s Revolutionary Guard used sophisticated means and elaborate false identities to steal information from government officials, think tankers, and others around the world who might be in contact with Iranian dissidents, according to a new report from cybersecurity company Mandiant.
Dubbed APT42 by Mandiant, the group has been active since 2015, the report said. Its primary tactic is spear-phishing, a common scam whose perpetrators pose as a legitimate entity and attempt to persuade a target to open an email and click a link that allows the group to steal information. What sets this group apart is the lengths to which they go to appear trustworthy.
A lot of spear-phishing campaigns are laughably crude, promising riches in poorly written emails. Not APT42. One member of the group “posed as a well-known journalist from a U.S. media organization requesting an interview and engaged the initial target for 37 days to gain their trust before finally directing them to a credential harvesting page,” the report said.
Another member posed as the British newspaper Metro to hit targets “located in Belgium and the United Arab Emirates, [with an] online interview via a customized PDF document containing an embedded link leading to a Gmail credential harvesting page,” the report said.