In a recent report, Google’s Threat Analysis Group (TAG) has highlighted a significant increase in phishing campaigns by APT42, a hacking group backed by Iran’s Islamic Revolutionary Guard Corps (IRGC).
These campaigns have primarily targeted U.S. presidential election officials and Israeli military, government, and diplomatic institutions. The report, released on August 14, 2024, provides detailed insights into the tactics and targets of APT42, underscoring the persistent threat posed by state-sponsored cyber activities.
APT42 has been active in conducting phishing attacks against various high-profile targets. Between May and June 2024, the group targeted around 12 current and former senior U.S. government officials, as well as officials from both Democratic and Republican presidential campaigns. TAG reported that it successfully blocked numerous attempts by APT42 to access the personal email accounts of these individuals.
However, the group did manage to compromise the personal Gmail account of a prominent political consultant, an incident that was reported to the FBI in July 2024. The phishing tactics employed by APT42 are sophisticated and deceptive.
The group sends phishing emails that impersonate legitimate organizations and individuals to steal personal information. Additionally, they use pop-up pages disguised as Google Drive and Google login screens to infiltrate targets’ computers. Once inside, they weaponize the compromised computers to send phishing emails to higher-ranking personnel.
This method not only increases the reach of their campaigns but also enhances their chances of success. In addition to targeting U.S. political figures, APT42 has also focused on Israeli institutions. Between February and late July 2024, Israeli and American users accounted for approximately 60% of APT42’s targets.
The group’s activities against Israel intensified during this period, with about 45 phishing campaigns being launched daily at their peak. APT42 has attempted to socially engineer former Israeli military and aerospace officials by posing as journalists seeking comments on attacks on cities.
They have also impersonated organizations such as Israeli military research institutes, using similar websites and email domains to deceive their targets. TAG has taken proactive measures to counter these threats. They have dismantled several websites created by APT42 that were designed to lure users into phishing traps.
These websites often contained embedded image files that redirected users to phishing pages. TAG continues to closely monitor U.S. election activities and has encouraged high-risk individuals, including elected officials, candidates, campaign workers, journalists, election officials, and government officials, to enroll in Google’s Advanced Protection Program.
This free, opt-in program is designed to protect users from phishing attacks and other scams, ensuring that unauthorized users cannot access their accounts even if passwords are compromised.
The report from Google’s TAG highlights the ongoing threat posed by state-sponsored cyber activities, particularly those linked to geopolitical tensions. The increased phishing campaigns by APT42 demonstrate the group’s persistent efforts to influence political processes and gather intelligence.
Source » irannewsupdate