Logo
RSS Feed

🇮🇷 APT42

Created: 08.05.2023

Iranian state-sponsored cyber espionage group tasked with conducting information collection and surveillance operations against individuals and organisations of strategic interest to the Iranian revolutionary guard. https://malpedia.caad.fkie.fraunhofer.de/actor/apt42

Crowdstrike: Charming Kitten.

🐾 Key Footprints

  • MFA attacks. Either by using phishing pages or capturing SMS and setting up Microsoft Authenticator.
  • Spear-phishing in favour of IRGC. It might take weeks to build proper rapport. Sometimes they even target the acquaintances or relatives of the target first.
  • Fake URL shorteners
  • 🦠 Android malware: VINETHORN, PINEFLOWER
  • 🦠 PowerWindow
  • 🦠 Malicious macro
  • Links to fake Google books for cred and OTP harvesting
  • Surveillance operations against individuals of interest to the Iranian government.

References

Expand…

Malpedia

https://malpedia.caad.fkie.fraunhofer.de/actor/apt42

Mandiant Report

https://www.mandiant.com/media/17826