Image: Ashkan Forouzani via Unsplash
Jonathan Greig
January 17th, 2024
MICROSOFT: IRANIAN HACKERS TARGETING ‘HIGH-PROFILE’ EXPERTS ON MIDDLE EAST

“High-profile” experts working on Middle Eastern affairs at universities and
research organizations in Belgium, France, Gaza, Israel, the U.K. and the U.S.
have been targeted by hackers allegedly connected to the Iranian government,
according to a new report from Microsoft.

In a blog post, Microsoft’s Threat Intelligence team said that since November a
subset of a hacking group they call Mint Sandstorm has used “bespoke phishing
lures in an attempt to socially engineer targets into downloading malicious
files.”

Microsoft said some incidents it has observed involved new tools it had not seen
before.

“Operators associated with this subgroup of Mint Sandstorm are patient and
highly skilled social engineers whose tradecraft lacks many of the hallmarks
that allow users to quickly identify phishing emails. In some instances of this
campaign, this subgroup also used legitimate but compromised accounts to send
phishing lures,” Microsoft said.

“Additionally, Mint Sandstorm continues to improve and modify the tooling used
in targets’ environments, activity that might help the group persist in a
compromised environment and better evade detection.”

Evidence from several incidents shows the most recent campaign is tied to the
current conflict in Gaza. Some of the phishing lures seen involve the
Israel-Hamas war, and Microsoft researchers believe the goal is to get a variety
of inside perspectives on the conflict.

Mint Sandstorm is known by other researchers as APT35 or Charming Kitten and is
believed to be tied to the Islamic Revolutionary Guard Corps (IRGC), an
intelligence arm of Iran’s military. The targets of their campaigns typically
have access to information important to leaders in Tehran.

In the past, Microsoft researchers have seen members of the group go after
journalists, researchers, professors, or other people with “resource-intensive
social engineering campaigns.”

“In this campaign, Mint Sandstorm masqueraded as high-profile individuals
including as a journalist at a reputable news outlet,” they added.

“In some cases, the threat actor used an email address spoofed to resemble a
personal email account belonging to the journalist they sought to impersonate
and sent benign emails to targets requesting their input on an article about the
Israel-Hamas war.”

Several other cases involved legitimate but compromised email accounts belonging
to the people they attempted to impersonate. Some of the initial emails did not
carry any malicious content as the hackers sought to develop a relationship with
their targets before beginning the espionage process.

Once a target agreed to look at an article or document, the hackers sent a link
to a malicious domain that took the victim to a .rar file allegedly containing
the documents.

These kinds of tactics “might have played a role in the success of this
campaign,” Microsoft noted. In several cases, the hackers dropped custom
backdoors onto victim systems allowing them to maintain their access.

One backdoor tool — named MediaPL — is a custom-made tool that is built to
masquerade as Windows Media Player, an application used to store and play audio
and video files. The backdoor can send encrypted communications to a
hacker-controlled server, terminate itself or launch commands.

“The ability to obtain and maintain remote access to a target’s system can
enable Mint Sandstorm to conduct a range of activities that can adversely impact
the confidentiality of a system,” they said.

“Compromise of a targeted system can also create legal and reputational risks
for organizations affected by this campaign. In light of the patience,
resources, and skills observed in campaigns attributed to this subgroup of Mint
Sandstorm, Microsoft continues to update and augment our detection capabilities
to help customers defend against this threat.”

In November and December, several leading cybersecurity agencies in the U.S.
warned of a campaign from a hacking group allegedly connected to the IRGC
targeting U.S. water utilities.

U.S. President Joe Biden said on Saturday that the White House sent a private
message to Iran about several recent incidents involving attacks on commercial
ships in the Red Sea.

JONATHAN GREIG



Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has
worked across the globe as a journalist since 2014. Before moving back to New
York City, he worked for news outlets in South Africa, Jordan and Cambodia. He
previously covered cybersecurity at ZDNet and TechRepublic.