Iranian nation-state actor #TA453 continues to evolve its tactics, deploying novel infection chains and malware (GorjolEcho and NokNok) to infiltrate both Windows and #macOS systems.
https://thehackernews.com/2023/07/iranian-hackers-sophisticated-malware.html
#Technology #InfoSec #CyberSecurity #macOS #TA453
Proofpoint APT threat researchers have observed #TA453 (AKA Charming Kitten) using new tactics and tools to complicate detection efforts and conduct cyber espionage operations against its targets of interest. #CharmingKitten #APT42 https://www.proofpoint.com/us/blog/threat-insight/welcome-new-york-exploring-ta453s-foray-lnks-and-mac-malware?utm_source=twitter&utm_medium=social&utm_source=social_organic&utm_social_network=twitter&utm_campaign=threat_research&utm_post_id=381f2172-cb7f-4d7a-bc5f-f4e2eeee72cb
📬 PowerLess: Malware is now also after Telegram data
#Cyberangriffe #Kurznotiert #Malware #APT35 #APT42 #CharmingKitten #CheckPointResearch #EducatedManticore #MintSandstorm #Phosphorus #PowerLess #TA453 #Telegram https://tarnkappe.info/artikel/it-sicherheit/malware/powerless-malware-hat-es-jetzt-auch-auf-telegram-daten-abgesehen-273696.html
It is good to be selective in choosing your LinkedIn connections. My golden rule has always been: have I worked with or met this person before, and would I work or meet with them again? With SEABORGIUM and TA453 running active spear-phishing campaigns, this is even more important.
The UK National Cyber Security Centre says that Russia-based SEABORGIUM and Iran-based TA453 actors are still using spear-phishing attacks to gather information from targeted organizations and individuals in the UK and elsewhere.
Even though the tactics, techniques, procedures, and targeting profiles are similar, these campaigns are different, and the two groups are not working together.
My top tips for you.
1. Only accept connections from people you actually know.
2. Re-evaluate your list of connections and consider whether each connection is truly part of your network.
3. Check your privacy settings.
4. Trust, but verify!
https://www.ncsc.gov.uk/news/spear-phishing-campaigns-targets-of-interest
#cybersecurity #infosec #spearphishing #linkedin #SEABORGIUM #TA453
UK NCSC warns of spear-phishing attacks from Russia-linked and Iran-linked groups https://securityaffairs.com/141393/apt/ncsc-warns-seaborgium-ta453-attacks.html #informationsecuritynews #ITInformationSecurity #PierluigiPaganini #SecurityAffairs #BreakingNews #SecurityNews #hackingnews #SEABORGIUM #Hacking #Russia #TA453 #Iran #NCSC #APT
RT @ChicagoCyber@twitter.com
What happens when a TA’s consistent TTPs change? Today we (#CristaNeedsATwitter and I) released a blog detailing examples of weird and wacky techniques and targeting from #TA453.
https://www.proofpoint.com/us/blog/threat-insight/ta453-refuses-be-bound-expectations
A personal 🧵 with thoughts.
PS: I’ll tweet later about our methods https://twitter.com/threatinsight/status/1602972959190274048
🐦🔗: https://twitter.com/ChicagoCyber/status/1603000186254594049
Notable deviations from #TA453's typical TTPs and targeting. Great analysis by @chicagocyber and #CristaNeedsAMastodon
https://www.proofpoint.com/us/blog/threat-insight/ta453-refuses-be-bound-expectations
What happens when a TA’s consistent TTPs change? Today we (#CristaNeedsAMastadon and I) released a blog detailing examples of weird and wacky techniques and targeting from #TA453.
https://www.proofpoint.com/us/blog/threat-insight/ta453-refuses-be-bound-expectations
With the current situation (#MahsaAmini) in Iran, I think it’s important to note that the Government of Iran (GOI) has had an intelligence interest in Gender Studies and Women’s Rights experts since AT LEAST 2021.
If we want to see how high they rank in interest, we just need to look at how they likely deployed the same malware (GhostEcho/CharmPower) against some of those researchers and activists that they did against Foreign Government embassy personnel.
When we pivot to look at Samantha, you see a persona that’s targeted MENA energy, a US based academic that’s an Iranian HVT, and senior US & European government officials, all using confrontational lures not typically seen from TA453.
Is this an actor gone rogue, willing to do anything to successfully phish at any cost? Maybe. Is it the intern or conscriptee just trying to meet a quota?
We don’t know but it’s definitely interesting to track.
We talked about confrontational conversational phishing, but nothing really says confrontational like compromising multiple email accounts just to deliver a JPEG of intimidation to a target. That, along with the compromise of a close affiliate of one of the former officials targeted in the IRGC Murder For Hire plot, leads us to believe that a subset of TA453 activity is more aggressive than we’ve seen historically.
Please go read it! Let us know what you think. #APT #Iran #IRGC #APT42 #Phosphorus #charmingKitten
When talking to people, one of the biggest questions I get is what does #TA453/#CharmingKitten do once they send their phishing links.
This is great work from @abirghattas!
https://www.hrw.org/news/2022/12/05/iran-state-backed-hacking-activists-journalists-politicians #Iran #APT
#introduction
I’m Josh/Yoshi.
I work as a Senior Threat Researcher hunting for state aligned cyber threat actors (aka APTs).
I focus on threats suspected of originating in the Middle East & North Africa Region, primarily Iranian aligned threats like #TA453 (#CharmingKitten), #TA450 (#Muddywater), and #TA456 (#Tortoiseshell).
Before this, I did #threatIntel work in healthcare. Before that, I worked for the #FBI.
I live in Chicago(land) with 3 kids, 2 dogs and my beautiful wife.
I’m a huge fan of #StarWars and the #LAChargers
This seems like a pretty cool place, excited to see how it grows.