An Iranian hacking group is posing as a U.S. think tank to target women involved in Middle East political affairs and human rights.
The cybersecurity company attributed the activity to a hacking group it tracks as Cobalt Illusion, which is also known by the names APT35, Charming Kitten, ITG18, Phosphorus, TA453, and Yellow Garuda.
The threat actor's targeting of academics, activists, diplomats, journalists, politicians, and researchers has been well documented over the years.
The group is suspected to be operating on behalf of Iran’s Islamic Revolutionary Guard Corps (IRGC) and has exhibited a pattern of using fake personas to establish contact with individuals who are of strategic interest to the government.
“It is common for Cobalt Illusion to interact with its targets multiple times over different messaging platforms,” SecureWorks said.
“The threat actors first send benign links and documents to build rapport.
They then send a malicious link or document to phish credentials for systems that Cobalt Illusion seeks to access.”
Chief among its tactics are leveraging credential harvesting to gain control of victims’ mailboxes and employing custom tools like HYPERSCRAPE (aka EmailDownloader) to steal data from Gmail, Yahoo!, and Microsoft Outlook accounts using the stolen passwords.