Microsoft warns of new spearphishing attack targeting workers at top companies

Iran hackers target researchers and academia in the West

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Iran hackers are trying hard to discover exactly what researchers and academia in the West are working on and discussing, especially about Palestine and Israel - so much so that they’ve launched a new, hard-to-detect phishing campaign against such individuals, aiming to install information-stealingmalware.

This is according toMicrosoft, whose security researchers recently sounded the alarm on the campaign.

As per thereport, a subgroup of a known state-sponsored threat actor APT35 (AKA Charming Kitten, or Phosphorus) is engaged in phishing attacks against high-profile employees of research organizations and universities in Europe and the United States. The emails are custom-made and often make it past email security services.

Middle East in focus

“Since November 2023, Microsoft has observed a distinct subset of Mint Sandstorm (PHOSPHORUS) targeting high-profile individuals working on Middle Eastern affairs at universities and research organizations in Belgium, France, Gaza, Israel, the United Kingdom, and the United States,” Microsoft said in the report. “In this campaign, Mint Sandstorm used bespoke phishing lures in an attempt to socially engineer targets into downloading malicious files. In a handful of cases, Microsoft observed new post-intrusion tradecraft including the use of a new, custom backdoor called MediaPl.”

Besides MediaPI, which seems to be designed to open up an encrypted communications channel with the operators and the compromised endpoints, APT35 is also dropping MischiefTut, a backdoor allowing them to run commands and mount reconnaissance activity.

“These individuals, who work with or who have the potential to influence the intelligence and policy communities, are attractive targets for adversaries seeking to collect intelligence for the states that sponsor their activity, such as the Islamic Republic of Iran,” Microsoft said. “Based on the identities of the targets observed in this campaign and the use of lures related to the Israel-Hamas war, it’s possible this campaign is an attempt to gather perspectives on events related to the war from individuals across the ideological spectrum.

ViaBleepingComputer

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics