
Iranian state-backed cyber spies continue to impersonate media brands, think tanks

Posted on May 3, 2024 by l33tdawg
Credit: The Record

The Iranian state-sponsored hacker group known as APT42 is impersonating well-known news outlets and think tanks to target journalists, researchers and activists in Western countries and the Middle East, researchers say.

For example, in a campaign that started in 2021 and is still ongoing, the hackers masqueraded as The Washington Post, The Economist and The Jerusalem Post to harvest login credentials from anyone who clicked on fake website links, according to research released this week by Google-owned Mandiant. APT42’s primary goal is espionage.

“The methods deployed by APT42 leave a minimal footprint and might make the detection and mitigation of their activities more challenging for network defenders,” Mandiant said. In its operations, APT42 often uses typosquatting — or acquiring web domains that look real but might have a small error or alteration — to create malicious links that redirect recipients to fake Google login pages, according to the report. An example would be “washinqtonpost[.]press” — note the "q" in the name. 
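A defender-side check for the typosquatting pattern described above, as an added example that is not part of the article or of Mandiant's report: it refangs an indicator and flags hostnames whose labels sit within a small edit distance of a watched brand name. The watchlist, the distance thresholds and every sample input other than the article's washinqtonpost[.]press are assumptions.

```python
import re

# Assumed watchlist: brand label -> legitimate domain for outlets named in the article.
WATCHLIST = {"washingtonpost": "washingtonpost.com", "economist": "economist.com"}

def refang(indicator: str) -> str:
    """Turn a defanged indicator (hxxp, [.]) into a bare lowercase hostname."""
    s = indicator.strip().lower().replace("[.]", ".").replace("(.)", ".")
    s = re.sub(r"^[a-z]+://", "", s)          # drop scheme, including hxxp(s)
    s = re.split(r"[/?#]", s, maxsplit=1)[0]  # drop path, query, fragment
    return s.split("@")[-1].split(":")[0].rstrip(".")  # drop userinfo, port, root dot

def osa_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent swap as 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def classify(indicator: str):
    """Return (verdict, brand): 'legitimate', 'lookalike' or 'unrelated'."""
    host = refang(indicator)
    for brand, legit in WATCHLIST.items():
        if host == legit or host.endswith("." + legit):
            return "legitimate", brand
    for brand in WATCHLIST:
        limit = 2 if len(brand) >= 10 else 1   # longer names tolerate more edits
        for label in re.split(r"[.\-]", host):
            if osa_distance(label, brand) <= limit:
                return "lookalike", brand
    return "unrelated", None

if __name__ == "__main__":
    # Sample inputs: the first is the example from the article, the rest are constructed.
    for ioc in ["washinqtonpost[.]press", "hxxps://www.washingtonpost[.]com/world",
                "washingtonpost-login[.]example", "example[.]org"]:
        print(ioc, "->", classify(ioc))
```

An exact brand label on an unexpected domain (distance 0) is also reported as a lookalike, since only the watchlisted domain and its subdomains count as legitimate.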
