Over the past years, cyberspace has turned into a new arena of conflict between the United States and its allies, on one hand, and Iran, on the other.

Proofpoint

Tehran usually disavows any cyber-attack on American organizations and institutions.

Nevertheless, the cyber security company Proofpoint revealed recently operations carried out by an Iranian hacking group called ‘Witch Cat’.

Proofpoint explained that the evidence indicates that the Iranian Revolutionary Guard Corpse is behind this group.

It added that the Revolutionary Guard was behind Witch Cat’s operations.

However, we are not 100% sure, although all the tricks and methods used and the targets of the attack refer to a large extent of the corpse’s involvement, the company said.

BBC Persia revealed, meanwhile, that Witch Cat hackers tried to target people by impersonating a British university professor and researcher, as they infiltrated a website affiliated with the School of Oriental and African Studies at the University of London.

It added that the group tried to hack the personal information of some people, mostly from the United States and Britain.

It noted that the group tried to chat with these people online.

Hacking method

The security research company CERTFA clarified that an Iranian hacker cell called ‘APT 35’ and known as ‘Witch Cat’ launched an electronic fraud campaign in December 2020 and January 2021 through fake messages, apparently with birthday wishes, but with malicious spyware.

The Security Research Company indicated that the hacking cell is linked to the Iranian government, and is known for its operations against intelligence gatherings through campaigns against diplomats and defense officials in America.

This time, the cell targeted a number of high-ranking employees, including members of think tanks and political research centers, the company said.

CERTFA pointed out that the hackers used sophisticated methods to hide their identities, and send messages using real URLs on Google to get the recipients to feel confident and open the messages.

Source » theportal-center