The UK’s National Cyber Security Centre (NCSC) teamed up with government agencies across the Atlantic to issue a new alert about Iranian cyber-threats on Friday.
Released in concert with the FBI, US Cyber Command – Cyber National Mission Force (CNMF) and the Department of the Treasury (Treasury), the security advisory claimed that Iran’s Islamic Revolutionary Guard Corps (IRGC) is behind a spear phishing campaign.
The campaign targets individuals “with a nexus to Iranian and Middle Eastern affairs,” although it also focuses on US political campaigns, with the end goal of furthering the IRGC’s information operations, the advisory noted.
Current or former senior government officials, senior think tank personnel, journalists, activists and lobbyists are apparently all potential targets.
Phishing Attacks Target Journalists and Diplomats
The threat actors tailor their tactics to the specific target, potentially impersonating family members, professional contacts, well-known journalists and/or email service providers. The lure may be a request for an interview, an invitation to a conference or embassy event, a request for a speaking engagement, or some other political or foreign policy discussion.
The threat actors use both messaging and email channels to target their victims, the report said.
“The actors often attempt to build rapport before soliciting victims to access a document via a hyperlink, which redirects victims to a false email account login page for the purpose of capturing credentials,” it continued.
“Victims may be prompted to input two-factor authentication codes, provide them via a messaging application, or interact with phone notifications to permit access to the cyber actors. Victims sometimes gain access to the document but may receive a login error.”
How to Spot and Avoid Phishing Attempts
The advisory urged readers to be suspicious of unsolicited contact, attempts to send links or files via social media and other online services, email messages flagging alerts for online accounts, emails purporting to be from legitimate services, and shortened links.
Source » infosecurity-magazine