Researchers Uncover 6-Year Cyber Espionage Campaign Targeting Iranian Dissidents
2020-09-19 04:24

Capping off a busy week of charges and sanctions against Iranian hackers, new research offers insight into a six-year-long, ongoing surveillance campaign targeting Iranian expats and dissidents with the intention of pilfering sensitive information.

The threat actor, suspected to be of Iranian origin, is said to have orchestrated the campaign with at least two different moving parts - one for Windows and the other for Android - using a wide arsenal of intrusion tools in the form of info stealers and backdoors designed to steal personal documents, passwords, Telegram messages, and two-factor authentication codes from SMS messages.

Calling the operation "Rampant Kitten," cybersecurity firm Check Point Research said the suite of malware tools had been mainly used against Iranian minorities, anti-regime organizations, and resistance movements such as the Association of Families of Camp Ashraf and Liberty Residents, Azerbaijan National Resistance Organization, and citizens of Balochistan.

The research also confirms an advisory from the US Cybersecurity and Infrastructure Security Agency earlier this week, which detailed the use of PowerShell scripts by an Iranian cyber actor to access encrypted password credentials stored by the KeePass password management software.

"The conflict of ideologies between those movements and the Iranian authorities makes them a natural target for such an attack, as they align with the political targeting of the regime," Check Point said.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/c4rUhXabhkU/iran-hacking-dissidents.html