The U.K.’s National Cyber Security Centre (NCSC) and the U.S. FBI have released an advisory warning of Iranian state-sponsored spear-phishing attacks targeting “individuals with a nexus to Iranian and Middle Eastern affairs, such as current or former senior government officials, senior think tank personnel, journalists, activists, and lobbyists.”
The agencies attribute the activity to Iran’s Islamic Revolutionary Guard Corps (IRGC).
The threat actor is also targeting members of U.S. political campaigns. The U.S. Justice Department last week accused three IRGC employees of successfully hacking an account belonging to a member of the Trump campaign via a social engineering attack.
“The cyber actors working on behalf of the IRGC gain access to victims’ personal and business accounts using social engineering techniques, often impersonating professional contacts on email or messaging platforms,” the advisory states.
“In addition, these actors might attempt to impersonate known email service providers to solicit sensitive user security information on email or messaging platforms.... The actors often attempt to build rapport before soliciting victims to access a document via a hyperlink, which redirects victims to a false email account login page for the purpose of capturing credentials. Victims may be prompted to input two-factor authentication codes, provide them via a messaging application, or interact with phone notifications to permit access to the cyber actors.”
The agencies recommend that organizations implement security best practices to thwart targeted social engineering attacks:
- Implement a user training program with phishing exercises to raise and maintain awareness among users about risks of visiting malicious websites or opening malicious attachments. Reinforce the appropriate user response to phishing and spear phishing emails. Cyber hygiene awareness for personal accounts and company accounts is strongly recommended.
- Recommend using only official email accounts for official business, updating software, avoiding clicking on links or opening attachments from suspicious emails before confirming their authenticity with the sender, and turning on multi-factor authentication to improve online security and safety.
The NCSC has the story.