May 19, 2024

Iranian hackers pose as journalists to push backdoor malware

May 7, 2024 0

 

[[{“value”:”

APT42, an Iranian state-sponsored hacking group also known as Charming Kitten or Yellow Garuda has been spotted impersonating journalists from popular mainstream media titles in an attempt to deliver multi-purpose backdoors to their targets.

A report from Google cybersecurity researchers found the threat actors would first set up email addresses on typosquatted domains, impersonating journalists, NGO representatives, and event organizers. 

The impersonated organizations include the Washington Post, The Economist, The Jerusalem Post, Khaleej Times, Azadliq, and others. 

Nicecurl and Tamecat

Then, they would reach out to their targets, mostly located in the Middle East, and West, and engage in conversation. After building some credibility, the attackers would share a link to a document relating to a conference, or a news article. The link would redirect the victims to a phishing page where, should they fall for the trap, they can share their login credentials, and even multi-factor authentication (MFA) tokens.

The final step is to use the obtained credentials to infiltrate their target’s corporate network and deploy two backdoors: “Nicecurl” and “Tamecat”.

Nicecurl seems to be the less capable one, allowing for command execution, deploying additional malware, and stealing sensitive data. Tamecat can execute arbitrary PowerShell code and is generally described as more flexible.

The researchers argue that APT42 is linked to Iran’s Islamic Revolutionary Guard Corps Intelligence Organization (IRGC-IO). Over the years it has built a reputation of infamy, having been involved in dozens of high-profile attacks. The researchers first observed it back in 2015, and have apparently engaged in at least 30 different operations. 

While the targets may differ, the goal is always the same – to gather important intelligence, vital for the advancement of Iranian state agendas. In that respect, the targets are mostly located in Israel, the United States, and Europe.

Via BleepingComputer

More from TechRadar Pro

State-backed Iranian hackers spread malware through links to fake VPN appsHere’s a list of the best firewalls around todayThese are the best endpoint security tools right now
“}]] 

More Stories

Gurman: No New Mac Studio and Mac Pro Until Mid-2025

Gurman: No New Mac Studio and Mac Pro Until Mid-2025

May 19, 2024 0
AirTag With New Chip and Improved Location Tracking Due Next Year

AirTag With New Chip and Improved Location Tracking Due Next Year

May 19, 2024 0
5 reasons to buy a Chromebook instead of a Mac

5 reasons to buy a Chromebook instead of a Mac

May 19, 2024 0

You may have missed

Gurman: No New Mac Studio and Mac Pro Until Mid-2025

Gurman: No New Mac Studio and Mac Pro Until Mid-2025

May 19, 2024 0
AirTag With New Chip and Improved Location Tracking Due Next Year

AirTag With New Chip and Improved Location Tracking Due Next Year

May 19, 2024 0
5 reasons to buy a Chromebook instead of a Mac

5 reasons to buy a Chromebook instead of a Mac

May 19, 2024 0
Verstappen Secures Emilia Romagna Grand Prix Pole Ahead Of Piastri And Norris

Verstappen Secures Emilia Romagna Grand Prix Pole Ahead Of Piastri And Norris

May 19, 2024 0
Verstappen Claims Pole Position At Emilia Romagna Grand Prix

Verstappen Claims Pole Position At Emilia Romagna Grand Prix

May 19, 2024 0