Iran hits numerous US organizations in sophisticated cyberattack operation exhibiting "highly advanced degree of complexity"

Aspen (BANNED)

An Iranian cyber-espionage group known as Charming Kitten (APT35 or Phosphorus) has used the recent winter holiday break to attack targets from all over the world using a very sophisticated spear-phishing campaign that involved not only email attacks but also SMS messages.

"Charming Kitten has taken full advantage of this timing to execute its new campaign to maximum effect," said CERTFA, a cybersecurity organization specializing in tracking Iranian operations.

"The group started the new round of attacks at a time when most companies, offices, organizations, etc. were either closed or half-closed during Christmas holidays and, as a result, their technical support and IT departments were not able to immediately review, identify, and neutralize these cyber incidents," it added.

CERTFA said it detected attacks targeting members of think tanks, political research centers, university professors, journalists, and environmental activists.

The victims were located in countries around the Persian Gulf, Europe, and the US.

HOW AN ATTACK UNFOLDED

CERTFA researchers said that this particular campaign exhibited an advanced degree of complexity. Victims received spear-phishing messages from the attackers not only via email but also via SMS, a channel that not many threat actors use on a regular basis.

While the SMS messages posed as Google security alerts, the emails leveraged previously hacked accounts and tried to play on the festive mood with holiday-related lures.

The common denominator in both campaigns was that Charming Kitten operators managed to successfully hide their attacks behind a legitimate Google URL of https://www.google[.]com/url?q=https://script.google.com/xxxx, which would have fooled even the most tech-savvy recipients.

[Image: certa-sms.png]

[Image: certa-email.png]

But under the hood, CERTFA said that the legitimate Google URL would end up bouncing the user through different websites and eventually bring them to a phishing page, where they'd be asked for login credentials for personal email services like Gmail, Yahoo, and Outlook, but also business emails.

[Image: sms-redirection-stages.jpg]

The CERTFA team noted that this wasn't the first time that Charming Kitten managed to successfully hide links to spear-phishing websites behind Google URLs.

The company points to a previous report from January 2020, exposing a Charming Kitten operation that abused sites.google.com links.
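
As an added defender-side example (not from the article, CERTFA, or the forum posters): a small Python triage helper that peels the google.com/url?q= redirector wrapper described above off links found in an email or SMS body, so the real destination can be logged and flagged without visiting it. The allowlist of expected sign-in hosts and the sample SMS are assumptions constructed for this example.

```python
import re
from urllib.parse import urlparse, parse_qs, unquote

URL_RE = re.compile(r"https?://[^\s<>\"']+")

# Google-owned redirector hosts whose /url?q= links wrap another destination.
REDIRECTOR_HOSTS = {"www.google.com", "google.com"}
# Hosts a genuine Google security alert would land on (assumed allowlist).
EXPECTED_HOSTS = {"accounts.google.com", "myaccount.google.com"}


def unwrap_google_redirect(url: str, max_hops: int = 5) -> str:
    """Peel nested google.com/url?q=<target> wrappers without any network
    request; returns the innermost destination (or the input if not wrapped)."""
    for _ in range(max_hops):
        parts = urlparse(url)
        if parts.netloc.lower() not in REDIRECTOR_HOSTS or parts.path != "/url":
            break
        target = parse_qs(parts.query).get("q")
        if not target:
            break
        url = unquote(target[0])  # q may itself be percent-encoded
    return url


def analyze_message(text: str) -> list:
    """One finding per URL in a message body: the link as shown, its real
    destination, and whether a wrapped destination falls outside the hosts
    a legitimate alert would use."""
    text = text.replace("[.]", ".")  # refang defanged URLs copied from reports
    findings = []
    for shown in URL_RE.findall(text):
        final = unwrap_google_redirect(shown)
        host = urlparse(final).netloc.lower()
        findings.append({
            "shown": shown,
            "destination": final,
            "wrapped": final != shown,
            "suspicious": final != shown and host not in EXPECTED_HOSTS,
        })
    return findings


# Constructed sample lure modelled on the reported SMS; the path is a placeholder.
SAMPLE_SMS = ("Google Security Alert: a new sign-in was detected. Review activity: "
              "https://www.google[.]com/url?q=https://script.google.com/PLACEHOLDER-PATH")

if __name__ == "__main__":
    for finding in analyze_message(SAMPLE_SMS):
        print(finding)
```

Feed it the raw body of a reported message; a wrapped link whose destination is not on the allowlist is the pattern worth escalating.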

BHAN85 (FULL MEMBER)

Sorry but nobody can believe this BS.

USA can hack everybody because hardware and software that everybody uses is MADE IN USA.

There is no magic, just factory hardware & software backdoors.

Iran doesn't manufacture hardware or software used by USA.
Arian (ELITE MEMBER)

BHAN85 said:
Sorry but nobody can believe this BS.

USA can hack everybody because hardware and software that everybody uses is MADE IN USA.

There is no magic, just factory hardware & software backdoors.

Iran doesn't manufacture hardware or software used by USA.

Yes, but the ability to launch cyber warfare is not the same as defending against it.
BHAN85 (FULL MEMBER)

Arian said:
Yes, but the ability to launch cyber warfare is not the same as defending against it.

USA doesn't need to defend, because they are the manufacturers and they are the only ones who know all the backdoors in the hardware/software they sell.
Aspen (BANNED)

BHAN85 said:
USA doesn't need to defend, because they are the manufacturers and they are the only ones who know all the backdoors in the hardware/software they sell.

That is pure bullshit, I hope nobody is stupid enough to believe this snake oil.
Arian (ELITE MEMBER)

BHAN85 said:
USA doesn't need to defend, because they are the manufacturers and they are the only ones who know all the backdoors in the hardware/software they sell.

That's not the way it works. Any web application can have security vulnerabilities, particularly in large projects where there are many contributors to the project. Websites like Google, Yahoo, Microsoft and others have been hacked and even defaced by script kiddies many times.
Aspen (BANNED)

Arian said:
That's not the way it works. Any web application can have security vulnerabilities, particularly in large projects where there are many contributors to the project. Websites like Google, Yahoo, Microsoft and others have been hacked and even defaced by script kiddies many times.

Not only do they have vulnerabilities but these exploits are openly published for anyone to replicate, and many do take advantage of these exploits before they are patched.

However, this seems more advanced than that because it involves a level of deception that goes way beyond some basic exploit.
Arian (ELITE MEMBER)

Aspen said:
Not only do they have vulnerabilities but these exploits are openly published for anyone to replicate, and many do take advantage of these exploits before they are patched.

However, this seems more advanced than that because it involves a level of deception that goes way beyond some basic exploit.

Indeed. There are even websites for releasing security vulnerabilities and reporting them.