Mandiant links APT42 to Iranian 'terrorist org'
2022-09-07 14:00

Mandiant has named a new threat group, APT42, that it says functions as the cyberspy arm of Iran's Islamic Revolutionary Guard Corps, which has plotted to murder US citizens including former National Security Advisor John Bolton.

While its financial backers turn their attention to assassination attempts and other terrorist activities, APT42 favors selective spear-phishing to target corporate and personal email accounts, according to the Google-owned threat intel business.

Its victims span at least 14 countries - the US, Australia, and those in Europe and the Middle East among them - and have included government officials, former Iranian policymakers, members of the Iranian diaspora and opposition groups, journalists and academics, according to Mandiant's research [PDF], published today.

According to Mandiant Intelligence VP John Hultquist, this group is especially dangerous because of its ties to the IRGC. "The IRGC has been associated with everything from DDoS to physical destruction, assassinations, threats to safety and lives," he said, in an interview with The Register.

In its research, Mandiant says the Iranian threat group's activity "generally corresponds" with crime gangs tracked as TA453, Yellow Garuda and ITG18.

Google's Threat Analysis Group recently detailed an email-stealing malware attributed to Charming Kitten that corresponds to the campaigns outlined in the Mandiant report.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/09/07/mandiant_apt42_irgc/