Iranian state-sponsored cyber espionage group tasked with conducting information collection and surveillance operations against individuals and organisations of strategic interest to the Islamic Revolutionary Guard Corps (IRGC). https://malpedia.caad.fkie.fraunhofer.de/actor/apt42
CrowdStrike name: Charming Kitten.
🐾 Key Footprints
- MFA attacks, either via phishing pages or by capturing SMS codes and then enrolling Microsoft Authenticator.
- Spear-phishing on behalf of the IRGC. Building convincing rapport can take weeks; sometimes they first target acquaintances or relatives of the intended victim.
- Fake URL shorteners
- 🦠 Android malware: VINETHORN, PINEFLOWER
- 🦠 PowerWindow
- 🦠 Malicious macro
- Links to fake Google Books pages for credential and OTP harvesting.
- Surveillance operations against individuals of interest to the Iranian government.
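As an added defender-side illustration (not part of the original note, and using a constructed, simplified event schema rather than a real Entra ID export), the following Python flags the MFA-takeover pattern from the list above: an SMS-authenticated sign-in from an IP the user had not used before, followed within a short window by registration of a new authenticator app.

```python
"""Flag authenticator-app registrations that follow an SMS-OTP sign-in
from an IP the user had not been seen on before (hypothetical schema)."""
from datetime import datetime, timedelta

# Constructed sample events (not a real log export). Times are ISO 8601.
SAMPLE_EVENTS = [
    # alice: normal sign-in from her usual IP the day before
    {"time": "2024-02-28T10:00:00", "user": "alice", "event": "signin",
     "ip": "203.0.113.10", "method": "sms"},
    # alice: captured SMS code replayed from an unfamiliar IP ...
    {"time": "2024-03-01T08:00:00", "user": "alice", "event": "signin",
     "ip": "198.51.100.7", "method": "sms"},
    # ... then a new authenticator app enrolled minutes later
    {"time": "2024-03-01T08:03:00", "user": "alice", "event": "mfa_register",
     "ip": "198.51.100.7", "method": "authenticator_app"},
    # bob: enrols Authenticator a day after signing in from his usual IP
    {"time": "2024-03-01T09:00:00", "user": "bob", "event": "signin",
     "ip": "203.0.113.20", "method": "sms"},
    {"time": "2024-03-02T09:05:00", "user": "bob", "event": "mfa_register",
     "ip": "203.0.113.20", "method": "authenticator_app"},
]


def find_suspicious_registrations(events, window=timedelta(minutes=30)):
    """Return (user, time, ip) for each authenticator registration where
    (a) the registering IP was first seen for that user inside `window`
        (or never before), and
    (b) an SMS-authenticated sign-in by that user occurred inside `window`."""
    first_seen = {}   # (user, ip) -> first sign-in time from that IP
    last_sms = {}     # user -> time of most recent SMS sign-in
    hits = []
    for e in sorted(events, key=lambda ev: ev["time"]):
        t = datetime.fromisoformat(e["time"])
        if e["event"] == "signin":
            first_seen.setdefault((e["user"], e["ip"]), t)
            if e["method"] == "sms":
                last_sms[e["user"]] = t
        elif e["event"] == "mfa_register" and e["method"] == "authenticator_app":
            seen_at = first_seen.get((e["user"], e["ip"]))
            new_ip = seen_at is None or t - seen_at <= window
            recent_sms = e["user"] in last_sms and t - last_sms[e["user"]] <= window
            if new_ip and recent_sms:
                hits.append((e["user"], e["time"], e["ip"]))
    return hits


if __name__ == "__main__":
    for hit in find_suspicious_registrations(SAMPLE_EVENTS):
        print("suspicious authenticator registration:", hit)
```

Only alice's registration is flagged; bob's comes from an IP he had used the day before and long after his SMS sign-in.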