Iranian Hackers Posing as Scholars Target Professors and Writers in Middle-East
A sophisticated social engineering attack undertaken by an Iranian state-aligned actor targeted think tanks, journalists, and professors with the aim of soliciting sensitive information by masquerading as scholars with the University of London's School of Oriental and African Studies (SOAS).
"Identified targets included experts in Middle Eastern affairs from think tanks, senior professors from well-known academic institutions, and journalists specializing in Middle Eastern coverage," the researchers said in a technical write-up shared with The Hacker News.
At a high level, the attack chain involved the threat actor posing as British scholars to a highly selective group of victims in an attempt to entice the target into clicking on a registration link to an online conference that's engineered to capture a variety of credentials from Google, Microsoft, Facebook, and Yahoo.
In at least one instance, TA453 is said to have sent a credential harvesting email to a target's personal email account.
"TA453 strengthened the credibility of the attempted credential harvest by utilizing personas masquerading as legitimate affiliates of SOAS to deliver the malicious links," the researchers said.
"The use of legitimate, but compromised, infrastructure represents an increase in TA453's sophistication and will almost certainly be reflected in future campaigns. TA453 continues to iterate, innovate, and collect in support of IRGC collection priorities."
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/B87P1f3Sg0A/iranian-hackers-posing-as-scholars.html