Google raps Iran's APT42 for raining down spear-phishing attacks

Google has joined Microsoft in publishing intel on Iranian cyber influence activity following a recent uptick in attacks that led to data being leaked from the Trump re-election campaign.
APT42 is largely relying on what Google's TAG calls "Cluster C" phishing activity - distinguished methods that have been in use since 2022, characterized by attempts to impersonate NGOs and "Mailer Daemon."
Google Meet is spoofed a lot of the time, and TAG said other fake Google sites have been spotted in more than 50 different campaigns.
GCollection has been in use and under constant development since January 2023, and is the kit Google deems the most sophisticated that APT42 uses.
"This spear phishing is supported by reconnaissance, using open-source marketing and social media research tools to identify personal email addresses that might not have default multi-factor authentication or other protection measures that are commonly seen on corporate accounts," said Google.
Google stymied multiple web pages imitating a petition from the Jewish Agency for Israel after finding them set up using Google Sites.
News URL
https://go.theregister.com/feed/www.theregister.com/2024/08/15/google_iran_apt42_campaigns/