Iranian Hackers Impersonate British Scholars in Recent Campaign
In a recent attack campaign, the Iran-linked threat actor tracked as TA453 has been posing as UK scholars with the University of London's School of Oriental and African Studies to engage targets of interest and steal their credentials, security researchers with Proofpoint reveal.
Believed to be supporting the information collection efforts of the Iranian Revolutionary Guard Corps, TA453 engaged in benign conversations with its targets up to the point when it served a 'registration link' leading to a legitimate, albeit compromised, website of the University of London's SOAS radio.
In one attack in early 2021, the hackers used a fake persona, "Dr. Hanns Bjoern Kendel, Senior Teaching and Research Fellow at SOAS University in London," to engage with targets and invite them to a fake conference.
The hackers showed willingness to chat with their targets over the phone or through video conferencing software, repeatedly demonstrating "a desire to connect with the target in real-time," Proofpoint says.
"These groupings consistently have information of interest to the Iranian government, including, but not limited to, information about foreign policy, insights into Iranian dissident movements, and understanding of U.S. nuclear negotiations, and most of the identified targets have been previously targeted by TA453," Proofpoint says.
Proofpoint expects TA453 to continue abusing legitimate infrastructure and spoofing scholars in future attacks aimed at intelligence collection in support of Iranian government interests.