Search This Blog

Powered by Blogger.

Blog Archive

Labels

UK and US Warn of Rising Iranian Spear Phishing Threat

The campaign is aimed at individuals "with a nexus to Iranian and Middle Eastern affairs.

 

The UK’s National Cyber Security Centre (NCSC) collaborated with government agencies across the Atlantic to issue a new alert regarding Iranian cyber-threats last week. 

The security advice, issued in collaboration with the FBI, US Cyber Command - Cyber National Mission Force (CNMF), and the Department of the Treasury (Treasury), claimed that Iran's Islamic Revolutionary Guard Corps (IRGC) was behind the spear phishing attack. 

The campaign is aimed at individuals "with a nexus to Iranian and Middle Eastern affairs," but it is also focused on US political campaigns, with the ultimate goal of expanding its information operations, the advice stated. Current or former top government officials, think tank personnel, journalists, activists, and lobbyists seem to be potential targets. 

Threat actors change their strategies according to the specific target, which could involve impersonating family members, professional contacts, prominent journalists, and/or email providers. The lure may be an interview, an invitation to a conference or embassy event, a speaking engagement, or another political or foreign policy dialogue. 

“The actors often attempt to build rapport before soliciting victims to access a document via a hyperlink, which redirects victims to a false email account login page for the purpose of capturing credentials,” the report reads. 

“Victims may be prompted to input two-factor authentication codes, provide them via a messaging application, or interact with phone notifications to permit access to the cyber actors. Victims sometimes gain access to the document but may receive a login error.” 

Prevention tips

The advisory advised readers to be suspicious of unsolicited contact, attempts to send links or files via social media and other online services, email messages flagging alerts for online accounts, emails purporting to be from legitimate services and shortened links. It also recommended enterprises to:

  • Implement a user training program for phishing awareness.
  • Recommend users only use work emails for official business, always keep software updated, switch on multi-factor authentication, and never click on links or open attachments in unsolicited emails.
  • Users are recommended to use advanced protection services and hardware security keys. 
  • Switch on anti-phishing and spoofing security features. 
  • Block automatic email forwarding to external addresses.
  • Monitor email servers for changes to configuration and custom rules.
Share it:

Cyber Security

Cybersecurity Agencies

Iran hackers

Spear Phishing

Threat Landscape