Iran-backed group targets Biden, Trump campaigns

News / August 22, 2024

The Iranian-backed hacking group APT42 has stepped up its phishing campaigns against high-profile targets in Israel and the United States over the past six months. APT42, which is linked to Iran’s Islamic Revolutionary Guard Corps (IRGC), consistently targets current and former government officials, political campaigns, diplomats, and individuals working at think tanks and NGOs. Israel and the U.S. accounted for about 60% of APT42’s known geographic targeting between February and late July 2024.

The group intensely targeted users in Israel, particularly in April, focusing on individuals connected to the Israeli military, defense sector, diplomats, academics, and NGOs. APT42 employs a range of tactics to carry out their campaigns, including hosting malware and phishing pages on services like Google Drive, Gmail, Dropbox, and OneDrive. Steps have been taken to disrupt their activities, such as resetting compromised accounts and adding malicious domains to the Safe Browsing blocklist.

During the current U.S. presidential election cycle, APT42 has targeted personal email accounts of individuals affiliated with both President Biden and former President Trump, including government officials and campaign associates.


Iran-backed phishing targets high-profile campaigns

These activities have been reported to law enforcement, with ongoing monitoring and efforts to thwart phishing attempts.

APT42’s success is attributed to their persistent and sophisticated social engineering tactics. They frequently create fake accounts and domains to appear credible to their targets, such as impersonating reputable organizations like the Washington Institute for Near East Policy and the Brookings Institution. The group uses various phishing kits designed to harvest credentials from platforms like Google, Hotmail, and Yahoo.

The group's latest phishing tools support multi-factor authentication, device PINs, and one-time recovery codes, reflecting their ongoing development. Awareness and enhanced security measures remain crucial to countering these phishing campaigns. Continuous monitoring and proactive measures are being taken to disrupt APT42’s operations and secure affected accounts.

About The Author

Nathan Ross

Nathan Ross is a seasoned business executive and mentor. His writing offers a unique blend of practical wisdom and strategic thinking, from years of experience in managing successful enterprises. Through his articles, Nathan inspires the next generation of CEOs and entrepreneurs, sharing insights on effective decision-making, team leadership, and sustainable growth strategies.
