Iranian “government” hackers are carrying out sophisticated social engineering attacks on academics and journalists. Masquerading as specialists from the School of African and Oriental Studies at the University of London, the attackers are trying to extract sensitive information.
Researchers at the cybersecurity company Proofpoint named this malicious campaign “Operation SpoofedScholars” and believe that the APT group TA453 is behind it. The group is also known as APT35 (according to the FireEye classification), Charming Kitten (according to the ClearSky classification) and Phosphorus (according to the Microsoft classification). Information security experts suggest that the group is acting in the interests of the Islamic Revolutionary Guard Corps (IRGC).
“The victims identified include Middle East experts from think tanks, senior professors from prominent academic institutions and journalists specializing in the Middle East. This campaign demonstrates the growth and improvement of the methods used by TA453,” said Proofpoint.
Posing as specialists from the School of African and Oriental Studies (SOAS), the attackers send selected victims phishing links, presented as registration for online conferences, in order to steal their login credentials for Google, Microsoft, Facebook and Yahoo. To make the lure more convincing, the phishing infrastructure is hosted on a legitimate but compromised SOAS Radio site.
Interestingly, the TA453 group insisted that victims log in to register for the webinar while the attackers were online, so that the received credentials could be verified manually right away.
The Islamic Revolutionary Guard Corps is an elite Iranian military-political formation, created in 1979 from the paramilitary units of Islamic revolutionary committees, supporters of the leader of the Iranian Shiites, Grand Ayatollah Khomeini. It took an active part in the Iran-Iraq war, as well as in the creation of the Hezbollah organization. It is officially part of the Iranian Armed Forces. The authorities of the United States, Israel, Saudi Arabia and Bahrain recognize the IRGC as a terrorist organization.