New Iranian hacking group APT42 deploys custom Android spyware
2022-09-07 14:18

A new Iranian state-sponsored hacking group known as APT42 has been discovered using custom Android malware to spy on targets of interest.

Cybersecurity firm Mandiant has collected enough evidence to determine that APT42 is a state-sponsored threat actor that engages in cyberespionage against individuals and organizations of particular interest to the Iranian government.

According to Mandiant, who discovered the activities of the new hacking group, APT42 has conducted at least 30 operations in 14 countries since 2015.

Mandiant says the Android spyware is primarily spread to Iranian targets via SMS texts containing links to a messaging or VPN app that can help bypass government-imposed restrictions.

"The use of Android malware to target individuals of interest to the Iranian government provides APT42 with a productive method of obtaining sensitive information on targets, including movement, contacts, and personal information," comments Mandiant in the technical report.

APT42 uses a rich set of lightweight custom malware on Windows systems to establish a foothold and steal credentials that will enable them to escalate privileges and perform reconnaissance on the network.


News URL

https://www.bleepingcomputer.com/news/security/new-iranian-hacking-group-apt42-deploys-custom-android-spyware/

Related vendor

LAST 12M:

| VENDOR | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|---|---|---|---|---|---|---|
| Android | 4 | 0 | 17 | 2 | 0 | 19 |