Iranian hackers are doing their best to discover exactly what researchers and academics in the West are working on and discussing, especially about Palestine and Israel – so much so that they have launched a new, hard-to-detect phishing campaign against such individuals, aiming to install information-stealing malware.
This is according to Microsoft, whose security researchers recently sounded the alarm about the campaign.
According to the report, a subgroup of the well-known state-sponsored threat actor APT35 (AKA Charming Kitten or Phosphorus) engages in phishing attacks against high-profile employees of research organizations and universities in Europe and the United States. The emails are tailor-made and often pass through email security services undetected.
Middle East in focus
“Since November 2023, Microsoft has observed a distinct subset of Mint Sandstorm (PHOSPHORUS) targeting high-profile individuals working on Middle East issues at universities and research organizations in Belgium, France, Gaza, Israel, the United Kingdom and the United States,” Microsoft said in the report. “In this campaign, Mint Sandstorm used customized phishing lures in an attempt to socially engineer targets into downloading malicious files. In a handful of cases, Microsoft observed new post-intrusion tradecraft, including the use of a new, customized backdoor called MediaPl.”
In addition to MediaPl, which appears to be designed to open an encrypted communication channel between the operators and the compromised endpoints, APT35 also drops MischiefTut, a backdoor that allows them to execute commands and carry out reconnaissance activities.
“These individuals, who work with or have the potential to influence the intelligence and policy communities, are attractive targets for adversaries seeking to gather intelligence for the states that sponsor their activities, such as the Islamic Republic of Iran,” Microsoft said. “Based on the identity of the targets observed in this campaign and the use of lures related to the Israel-Hamas war, it is possible that this campaign is an attempt to gather the perspectives of individuals across the ideological spectrum on events related to the war.”
Via BleepingComputer