Security News > 2021 > March > Iranian Hackers Target Medical Personnel in US, Israel
Deviating from their typical activity, an Iranian threat actor known as TA453 has mounted a phishing campaign targeting senior medical professionals in the United States and Israel, cybersecurity firm Proofpoint reports.
Also referred to as Charming Kitten, Phosphorus, APT35, Ajax Security Team, ITG18, NewsBeef, and Newscaster, the group has been active since at least 2011, mainly targeting activists, journalists, and other entities in the Middle East, the U.K., and the U.S. The new campaign, which Proofpoint named BadBlood due to its focus on medical personnel, targeted individuals specialized in genetic, neurology, and oncology research, in line with a broader trend in which threat actors are targeting medical research.
Up to 25 senior professionals working with various research organizations in the US and Israel were targeted in these attacks, but the targeting of Israelis might also be the result of increased geopolitical tensions in the region, Proofpoint notes.
The motivation behind the campaign is not yet clear, but it's likely that TA453 attempted to collect medical information related to genetic, oncology, and neurology research.
"While this campaign may represent a shift in TA453 targeting overall, it is also possible it may be an outlier, reflective of a specific priority intelligence tasking given to TA453," Proofpoint says.
"While targeting medical experts in genetics, neurology and oncology may not be a lasting shift in TA453 targeting, it does indicate at least a temporary change in TA453 collection priorities. BadBlood is aligned with an escalating trend globally of medical research being increasingly targeted by espionage motivated focused threat actors," Proofpoint concludes.
News URL
Related news
- Iranian hackers charged for ‘hack-and-leak’ plot to influence election (source)
- US, UK warn of Russian APT29 hackers targeting Zimbra, TeamCity servers (source)
- Iranian hackers now exploit Windows flaw to elevate privileges (source)
- Iranian hackers act as brokers selling critical infrastructure access (source)
- US says Chinese hackers breached multiple telecom providers (source)
- US warns of last-minute Iranian and Russian election influence ops (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- US indicts Snowflake hackers who extorted $2.5 million from 3 victims (source)