Iranian Hacker Group APT34 Apparently at It Again Targeting U.S. Research Organizations

Threat researchers at Intezer have discovered a new string of attacks using an updated TONEDEAF toolset intent on eventually gaining access to U.S. Government research.

Employees and customers of U.S.-based research company Westat (a company that provides research to the U.S. Government) have been receiving satisfaction survey emails that include an Excel spreadsheet.


Source: Intezer

According to Intezer, the spreadsheet includes malicious VBA code that executes when macros are enabled. This code works to install updated versions of the TONEDEAF and VALUEVAULT malwares. TONEDEAF is a backdoor malware, while VALUEVAULT is a browser credential stealer.

There is nothing truly novel about this spear phishing scam – an email is sent to specific users, utilizing content designed to make it look authentic. An attachment containing malicious code was attached, all with the intent of installing malware.

If I had a nickel for every time this kind of scam was run, I’d have enough money to own a software company!

It’s important to teach employees about the basic block and tackling of cybersecurity. Suspicious emails, strange email addresses, odd attachments, the need to enable macros – all of these are red flags that users who undergo Security Awareness Training already understand and identify.

We’ve seen espionage targets like this before where the goal is to obtain U.S. secrets. The attacking of companies that do business with them is a nice added touch – it can facilitate island hopping from the partner business to the research firm target pretty easily. Both kinds of companies need to educate their users – otherwise, one of them (or both!) will find themselves a victim.

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

PST ResultsHere's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Subscribe To Our Blog

Anti-Phishing Guide ebook

Get the latest about social engineering

Subscribe to CyberheistNews