The US cybersecurity agency CISA and the FBI have issued a warning about Iranian threat actors targeting and breaking into the email accounts of individuals associated with national political entities.
Aiming to stir up conflict and undermine confidence in the US democracy, threat actors linked to the Iranian Government’s Islamic Revolutionary Guard Corps (IRGC) have been targeting government officials, activists, journalists, think tank personnel, and lobbyists, the agencies say in a joint advisory.
“IRGC actors seek access to American personal and business accounts using social engineering techniques that target email and chat applications,” it added.
The adversaries were seen impersonating known individuals, sending interview requests, invitations to high-profile events, and solicitations from US campaigns and elections to deceive the intended victims into visiting a spoofed email login page.
The phishing page prompts victims to enter their usernames and passwords, which are harvested by the threat actors and used to access their accounts.
“Although we have not seen this actor do so, some nation-state actors use generative artificial intelligence capabilities to increase the believability of social engineering efforts,” the agencies said.
Organizations and individuals at risk of such phishing attempts are advised to enhance their security and resilience, and CISA and the FBI have provided mitigation recommendations, such as using phishing-resistant multi-factor authentication (MFA).
Entities associated with national political campaigns and elections are advised to be wary of unsolicited contacts from unknown individuals or people claiming to use new accounts or phone numbers, unusual emails from known individuals, accounts delivering links or files via social media, emails conveying suspicious alerts, and unsolicited messages containing shortened links.
In addition to using phishing-resistant MFA for all accounts, at-risk individuals are urged to use a password manager, refrain from clicking on links in emails, chat messages, or social media alerts, and ensure that operating systems and applications are fully patched.
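Why the advisory pairs a spoofed login page with a recommendation for phishing-resistant MFA, shown with an added, simplified model that is not from the advisory or the article: a password typed into the look-alike page replays unchanged against the real service, while a FIDO2-style assertion is bound to the origin the browser reports and is rejected. The origins, the HMAC stand-in for a public-key signature, and all function names are constructed for this example.

```python
import hashlib
import hmac
import json
import os

# Constructed origins: the campaign's genuine mail login and a look-alike phishing host.
REAL_ORIGIN = "https://mail.campaign.example"
SPOOF_ORIGIN = "https://mail-campaign.example.net"

def rp_id_for(origin: str) -> str:
    """Relying-party ID the browser derives from the page origin (its host name)."""
    return origin.split("://", 1)[1].split("/", 1)[0]

class Authenticator:
    """Stand-in for a FIDO2 key: one secret per RP ID, signs over the client data."""
    def __init__(self):
        self.keys = {}
    def register(self, rp: str) -> bytes:
        self.keys[rp] = os.urandom(32)
        return self.keys[rp]  # shared with the RP here in place of a public key

    def get_assertion(self, origin: str, challenge: str):
        rp = rp_id_for(origin)  # the browser, not the web page, chooses the RP ID
        if rp not in self.keys:
            return None  # no credential is scoped to this origin
        client_data = json.dumps({"challenge": challenge, "origin": origin}, sort_keys=True)
        sig = hmac.new(self.keys[rp], client_data.encode(), hashlib.sha256).hexdigest()
        return {"client_data": client_data, "signature": sig}

def rp_verify(key: bytes, challenge: str, assertion) -> bool:
    """The genuine service accepts an assertion only for its own origin and challenge."""
    if assertion is None:
        return False
    data = json.loads(assertion["client_data"])
    expected = hmac.new(key, assertion["client_data"].encode(), hashlib.sha256).hexdigest()
    return (data["origin"] == REAL_ORIGIN and data["challenge"] == challenge
            and hmac.compare_digest(expected, assertion["signature"]))

def simulate_phish():
    """Victim signs in on SPOOF_ORIGIN; the attacker relays whatever was captured."""
    auth = Authenticator()
    key = auth.register(rp_id_for(REAL_ORIGIN))  # enrolled on the genuine login page
    challenge = os.urandom(16).hex()              # issued by the genuine service
    stored_pw = harvested_pw = "correct horse battery staple"  # typed into the spoof form
    password_replayed = hmac.compare_digest(stored_pw, harvested_pw)  # password: replays
    relayed = auth.get_assertion(SPOOF_ORIGIN, challenge)  # scoped to the spoof host
    mfa_replayed = rp_verify(key, challenge, relayed)      # origin-bound: rejected
    genuine = rp_verify(key, challenge, auth.get_assertion(REAL_ORIGIN, challenge))
    return password_replayed, mfa_replayed, genuine
```

Running simulate_phish() returns (True, False, True): the harvested password works for the attacker, the relayed assertion does not, and the legitimate sign-in still succeeds.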
Source » securityweek