US Political Campaigns Targeted by Iranian Spear Phishing Attacks



Spear Phishing Campaign Targets Energy CompaniesResearchers at Recorded Future’s Insikt Group warn that the Iranian state-sponsored threat actor “GreenCharlie” is launching spear phishing attacks against US political campaigns.

“Insikt Group has identified a significant increase in cyber threat activity from GreenCharlie, an Iran-nexus group that overlaps with Mint Sandstorm, Charming Kitten, and APT42,” the researchers write.

“Targeting US political and government entities, GreenCharlie utilizes sophisticated phishing operations and malware like GORBLE and POWERSTAR. The group's infrastructure, which includes domains registered with dynamic DNS (DDNS) providers, enables the group’s phishing attacks.”

GreenCharlie uses social engineering as an initial access vector to deploy malware. Its goal is often to steal and leak information for disruptive purposes.

“Iran and its associated cyber-espionage actors have consistently demonstrated both the intent and capability to engage in influence and interference operations targeting US elections and domestic information spaces,” the researchers write. “These campaigns are likely to continue utilizing hack-and-leak tactics aimed at undermining or supporting political candidates, influencing voter behavior, and fostering discord.”

The threat actor exploits dynamic DNS services to direct users to phishing sites that impersonate popular productivity tools.

“The group’s infrastructure is meticulously crafted, utilizing dynamic DNS (DDNS) providers like Dynu, DNSEXIT, and Vitalwerks to register domains used in phishing attacks,” the researchers write. “These domains often employ deceptive themes related to cloud services, file sharing, and document visualization to lure targets into revealing sensitive information or downloading malicious files.”

Insikt Group concludes that political and government entities in the US should be on the lookout for social engineering tactics.

“While our research will continue to examine the domains, infrastructure, network intelligence, and malware, we recommend that interested parties pay increased attention to the traditional avenues Iranian APTs use to target their victims, which is predominantly via social engineering and spearphishing emails,” the researchers write. “Iranian APTs like to directly engage with targets via encrypted chats, SMS, and video calls to deliver malicious files.”

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Recorded Future has the story.


Comprehensive Anti-Phishing Guide

Spear phishing emails remain a top attack vector for cybercriminals, yet most companies still don’t have an effective strategy to stop them. Roger Grimes, KnowBe4’s Data-Driven Defense Evangelist, will cover techniques you can implement now to minimize cybersecurity risk due to phishing and social engineering attacks.

Comprehensive-Anti-Phishing-Guide-Thumbnail

Strategies include:

  • Developing a comprehensive, defense-in-depth plan
  • Technical controls all organizations should consider
  • Gotchas to watch out for with cybersecurity insurance
  • Benefits of implementing new-school security awareness training
  • Best practices for creating and implementing security policies

Get the E-Book now!

Download Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://info.knowbe4.com/comprehensive-anti-phishing-guide



Subscribe to Our Blog


Comprehensive Anti-Phishing Guide




Get the latest about social engineering

Subscribe to CyberheistNews