Google raps Iran's APT42 for raining down spear-phishing attacks
Google has joined Microsoft in publishing intel on Iranian cyber influence activity following a recent uptick in attacks that led to data being leaked from the Trump re-election campaign.
APT42 is largely relying on what Google's TAG calls "Cluster C" phishing activity - a distinct set of methods that have been in use since 2022, characterized by attempts to impersonate NGOs and "Mailer Daemon."
Google Meet is spoofed a lot of the time, and TAG said other fake Google sites have been spotted in more than 50 different campaigns.
GCollection has been in use and under constant development since January 2023, and is the kit Google deems the most sophisticated that APT42 uses.
"This spear phishing is supported by reconnaissance, using open-source marketing and social media research tools to identify personal email addresses that might not have default multi-factor authentication or other protection measures that are commonly seen on corporate accounts," said Google.
Google stymied multiple web pages imitating a petition from the Jewish Agency for Israel after finding that they had been set up using Google Sites.
News URL
https://go.theregister.com/feed/www.theregister.com/2024/08/15/google_iran_apt42_campaigns/