Iranian State-Sponsored Hacking Attempts

2021-07-13 14:04

Masquerading as UK scholars with the University of London's School of Oriental and African Studies, the threat actor TA453 has been covertly approaching individuals since at least January 2021 to solicit sensitive information.

The threat actor, an APT who we assess with high confidence supports Islamic Revolutionary Guard Corps intelligence collection efforts, established backstopping for their credential phishing infrastructure by compromising a legitimate site of a highly regarded academic institution to deliver personalized credential harvesting pages disguised as registration links.

Identified targets included experts in Middle Eastern affairs from think tanks, senior professors from well-known academic institutions, and journalists specializing in Middle Eastern coverage.

Once the conversation was established, TA453 delivered a "Registration link" to a legitimate but compromised website belonging to the University of London's SOAS radio.

Of note, TA453 also targeted the personal email accounts of at least one of their targets.

In subsequent phishing emails, TA453 shifted their tactics and began delivering the registration link earlier in their engagement with the target without requiring extensive conversation.

News URL

https://www.schneier.com/blog/archives/2021/07/iranian-state-sponsored-hacking-attempts.html

#hacking #iranian #statesponsored