Tag Archive for: impersonating

Iranian hacking group impersonating nuclear experts to gain intel from Western think tanks


A cyber espionage group linked to the Iranian government has been impersonating think-tank employees to phish Middle Eastern nuclear weapons experts, according to researchers at Proofpoint.

The group — called “TA453,” “Charming Kitten” or “APT35,” depending on the threat intelligence service you’re relying on — has a long track record of targeting U.S. and European government officials, politicians, think tanks and entities involved in critical infrastructure.

The latest campaign detailed by Proofpoint dates from March to May of this year and begins with benign emails that seek to establish a rapport with foreign policy researchers in the West.

Those initial emails were later followed by phishing emails linking to a password-protected Dropbox URL, ostensibly to access the research. Instead, the link delivers .RAR and LNK files; the shortcut runs a PowerShell script that installs a backdoor on the victim's system, which then calls out to a cloud hosting provider for additional malware payloads.

Full infection chain for GorjolEcho, one of the malware payloads deployed by Charming Kitten (Source: Proofpoint)
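The shortcut-to-PowerShell step described above is the point in the chain where endpoint telemetry usually gives a defender the first clear signal. The following is an added example, not Proofpoint's detection logic and not indicators from the campaign: a heuristic run over constructed process-creation events. The event layout (parent_image, image, command_line) is an assumed Sysmon-style schema, the flag list is the generic set of quiet-execution switches that script droppers use, and every sample event is made up.

```python
"""Heuristic for a shortcut-launched PowerShell stage, run over constructed
process-creation events.

Added example, not Proofpoint's detection logic and not campaign indicators.
The event schema (parent_image, image, command_line) is an assumed
Sysmon-style layout; the sample events are made up.
"""
import re

# Generic quiet-execution switches: hidden window, policy bypass, encoded payload.
QUIET_FLAGS = re.compile(
    r"(?i)(?:-w(?:indowstyle)?\s+hidden"
    r"|-e(?:xecution)?p(?:olicy)?\s+bypass"
    r"|-e(?:nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{16,})"
)


def is_lnk_powershell_stage(event: dict) -> bool:
    """True when PowerShell starts under explorer.exe (what a double-clicked
    .lnk produces) and the command line carries quiet-execution switches.
    An interactive PowerShell window opened from the Start menu has the same
    parent but no such switches, so it is not flagged."""
    image = event.get("image", "").lower()
    parent = event.get("parent_image", "").lower()
    if not image.endswith(("\\powershell.exe", "\\pwsh.exe")):
        return False
    if not parent.endswith("\\explorer.exe"):
        return False
    return QUIET_FLAGS.search(event.get("command_line", "")) is not None


def triage(events):
    """IDs of the events that match, in input order."""
    return [e["id"] for e in events if is_lnk_powershell_stage(e)]


# Constructed events; paths and payloads are placeholders, not real samples.
SAMPLE_EVENTS = [
    {"id": "e1", "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": r'powershell.exe -w hidden -ep bypass -c "& C:\Users\a\AppData\Local\Temp\stage.ps1"'},
    {"id": "e2", "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell.exe"},                  # interactive shell, not flagged
    {"id": "e3", "parent_image": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell.exe -enc QUFBQUFBQUFBQUFBQUFBQUFB"},  # other parent: outside this rule
    {"id": "e4", "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\PowerShell\7\pwsh.exe",
     "command_line": r"pwsh.exe -WindowStyle Hidden -File C:\Users\a\Downloads\report.ps1"},
]

if __name__ == "__main__":
    print("flagged:", triage(SAMPLE_EVENTS))
```

The rule is deliberately narrow: it keys on the explorer.exe parent so that scheduled tasks and admin scripts launched from cmd.exe or a management agent (event e3) are left to other rules, and it requires a quiet-execution switch so that a user simply opening PowerShell (event e2) does not fire it.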

Joshua Miller, senior threat researcher at Proofpoint, told SC Media the campaign appears to be extremely targeted: thus far they are aware of fewer than 10 individuals who received phishing emails from the group. Miller said their visibility over the campaign is restricted to data and follow-ups culled from Proofpoint customers, and that none were successfully infected.

It’s not the first time Charming Kitten, which U.S. officials have linked to Iran’s Islamic Revolutionary Guard Corps’ intelligence organization, has targeted think tanks and other research institutions, seemingly in an effort to gather intelligence about Western foreign policy decision-making. While the group has targeted government officials in the past, they may find it easier to obtain some of the same information they’re looking for by targeting and compromising parties at the edge of those discussions.

“When we see them go after think tanks [and] academics, basically they’re informing the policy positions of the West and governments for nuclear sanctions or diplomatic policies. The idea is that that…


North Korean hacking outfit impersonating venture capital firms


A financially motivated hacking group tied to North Korea has been impersonating venture capital firms in Japan, the United States and other countries in an effort to spear-phish startup employees and related businesses, according to new research.

In a report released Tuesday, security researchers at Kaspersky said the group, tracked as "BlueNoroff" by Kaspersky and "HiddenCobra" by others, registered at least 70 web domains over the last year mimicking the websites of real venture capital firms in Japan and of other financial institutions. The sites function as phishing lures to deliver malware, and Kaspersky believes that startup employees are among the targeted victims, as several decoy documents were crafted to look like job offers.

“The actor usually used fake domains such as cloud hosting services for hosting malicious documents or payloads. They also created fake domains disguised as legitimate companies in the financial industry and investment companies,” wrote Seongsu Park, lead security researcher at Kaspersky.

The group appears primarily interested in Japanese businesses, targeting local venture capital firms like Beyond Next Ventures, Z Venture Capital and ABF Capital. They also impersonated a Taiwanese venture capital fund as well as financial institutions like Bank of America, the Sumitomo Mitsui Banking Corporation and the Mitsubishi UFJ Financial Group.
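Brand-impersonating registrations of the kind described in the report are routinely caught by scoring newly registered domains against a watchlist. The following is an added example and not Kaspersky's code or any list from the report: the brand labels are derived from the firm names in the article, the "expected suffix" for each is an illustrative assumption rather than a verified registration, and the candidate domains are constructed for the demonstration.

```python
"""Score candidate domains for resemblance to a watchlist of brand names.

Added example, not Kaspersky's code or a list from the report.  Brand labels
come from the firm names in the article; the expected suffix for each is an
illustrative assumption, not a verified registration.  Candidate domains are
constructed for the demonstration.
"""

# brand label (lowercase, hyphens removed) -> suffix the genuine site is assumed to use
WATCHLIST = {
    "beyondnextventures": "com",
    "abfcapital": "com",
    "bankofamerica": "com",
}


def levenshtein(a: str, b: str) -> int:
    """Edit distance; catches one- or two-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i]
        for j, cb in enumerate(b, start=1):
            cur.append(min(prev[j] + 1,               # delete ca
                           cur[j - 1] + 1,            # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def score_domain(domain: str, watchlist=WATCHLIST, max_edits: int = 2):
    """Return (brand, reason) pairs for every brand the domain resembles.

    The public suffix is approximated as the last label; a production
    detector would consult the Public Suffix List so that multi-label
    suffixes such as co.jp are split correctly.
    """
    parts = domain.lower().rstrip(".").split(".")
    if len(parts) < 2:
        return []
    suffix, apex = parts[-1], parts[-2]
    apex_sq = apex.replace("-", "")
    hits = []
    for brand, expected_suffix in watchlist.items():
        if apex_sq == brand:
            if suffix != expected_suffix:
                hits.append((brand, f"brand label under unexpected suffix .{suffix}"))
            continue  # brand + expected suffix: genuine as far as this check knows
        if brand in apex_sq:
            hits.append((brand, f"brand embedded in apex label '{apex}'"))
            continue
        d = levenshtein(apex_sq, brand)
        if d <= max_edits:
            hits.append((brand, f"apex label within {d} edit(s) of brand"))
    return hits


# Constructed candidates, as they might arrive from a new-registrations feed.
CANDIDATES = [
    "www.beyondnextventures.com",
    "beyondnextventures.info",
    "beyond-next-ventures-portal.com",
    "beyondnextventurs.com",
    "abfcapita1.com",
    "example.org",
]

if __name__ == "__main__":
    for d in CANDIDATES:
        print(d, score_domain(d) or "no match")
```

Three cheap rules cover most of what the report describes: the real brand label under the wrong suffix, the brand embedded in a longer label, and a label one or two edits away from the brand. Hyphens are stripped before comparison so that "beyond-next-ventures" and "beyondnextventures" are treated as the same token.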

A partial list of spoofed websites registered by BlueNoroff. (Image credit: Kaspersky)

Kaspersky places BlueNoroff within Lazarus Group, an umbrella term security researchers use for a loose network of financially and espionage-focused hacking teams that generally work on behalf of the North Korean government. The group has more recently focused on hacking cryptocurrency startups with similar impersonation tactics, but is perhaps best known for making off with more than $80 million in 2016 after breaking into the SWIFT payment systems used by Bangladesh Bank.

Kaspersky also identified a number of new malware delivery techniques employed by the group. In September, telemetry collected by the cybersecurity firm turned up evidence that the group was experimenting with a variety of new file types…


Hackers impersonating Telecom Department to steal your data


While this may seem legitimate, since the government does run a Cyber Swachhta project, the catch is that the link provided is a phishing link designed to dupe users. The actual URL of the government's project is csk.gov.in.

The tweet tagged the Department of Telecommunications, Government of India, TRAI and Reliance Jio. Jio responded saying the message appears to be a scam and the user should not click on the given link.

For the uninitiated, Cyber Swachhta Kendra is a part of the Government of India’s Digital India initiative under the Ministry of Electronics and Information Technology, which alerts users about possible botnet infections in India that could harm users’ devices. It also shows ways to clean this malware and prevent further infection.

What can you do in such a case?

If you're concerned about your device's security, the Cyber Swachhta Kendra's website suggests scanning your computer or smartphone to remove malware and taking steps to improve the device's security. It points you to antivirus companies' websites, which offer free bot removal tools. However, the government is unlikely to notify you of such an event by sending a specific SMS. If you have received such an SMS, check the URL carefully: a link that merely contains the string "gov.in" is not necessarily a government domain, and even a genuine gov.in suffix does not by itself guarantee that the page is safe.
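"Check the URL" is harder than it sounds, because a phishing link can put "gov.in" in the path, in the userinfo before an "@", or in a fake label such as csk.gov.in.attacker.example, none of which changes the host the phone actually connects to. The following is an added example, not from the article or from Cyber Swachhta Kendra: it extracts the real host the way a browser would and classifies the link. The only real value used is the portal address the article gives, csk.gov.in; every sample link is constructed for the demonstration and is not a URL from the incident.

```python
"""Classify a link from an SMS by the host it really connects to.

Added example, not from the article or from Cyber Swachhta Kendra.  The only
real value used is the portal address the article gives (csk.gov.in); all
sample links are constructed and are not URLs from the incident.
"""
from typing import Optional
from urllib.parse import urlsplit

LEGIT_HOST = "csk.gov.in"
GOV_SUFFIX = "gov.in"


def host_of(url: str) -> Optional[str]:
    """Hostname a browser would connect to, lowercased, or None if absent."""
    if "://" not in url:
        url = "https://" + url       # SMS links are often written without a scheme
    host = urlsplit(url).hostname    # drops userinfo ('x@'), port and brackets
    return host.rstrip(".") if host else None


def is_under(host: str, suffix: str) -> bool:
    """Label-wise suffix test: 'csk.gov.in' is under 'gov.in', 'csk-gov.in' is not."""
    return host == suffix or host.endswith("." + suffix)


def classify(url: str) -> str:
    host = host_of(url)
    if host is None:
        return "unparseable"
    if not host.isascii():
        return "lookalike: non-ASCII characters in host " + host
    if is_under(host, LEGIT_HOST):
        return "legitimate portal"
    if is_under(host, GOV_SUFFIX):
        return "other gov.in host: " + host
    if GOV_SUFFIX in url.lower():
        # 'gov.in' appears in the text of the link (path, userinfo or a fake
        # label) but the connection goes somewhere else entirely
        return "lookalike: link mentions gov.in but connects to " + host
    return "non-government host: " + host


# Constructed sample links, not real SMS content.
SAMPLES = [
    "csk.gov.in/alerts",
    "https://www.csk.gov.in/",
    "http://csk.gov.in.device-alert.example/scan",
    "http://csk.gov.in@198.51.100.7/scan",
    "https://csk-gov.in/scan",
    "https://example.com/gov.in/scan",
    "https://csk.g\u043ev.in/",       # Cyrillic 'о' in place of Latin 'o'
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{link:45} -> {classify(link)}")
```

The suffix test is done on whole labels rather than with a substring search, which is exactly the distinction the article is warning about: "csk-gov.in" and "csk.gov.in.device-alert.example" both contain "gov.in" but neither is under the gov.in zone. The non-ASCII check catches the homoglyph trick; a stricter version would also reject mixed-script labels after IDNA decoding.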

The official Cyber Swachhta Kendra website recommends that Microsoft Windows users install Quick Heal, eScan, or K7 Security tools to secure their computers. For mobile phones, it suggests the eScan application available on the Google Play Store to remove the malware.


Impersonating Arab Princesses On Social Media – How Pakistan Sought To Malign India In Middle East – Swarajya
