It has been reported that the Iranian group APT35 (also known as Charming Kitten or Phosphorus) executed sophisticated spear-phishing campaigns that involved not only email attacks but also SMS messages over the festive season.
Mandiant Threat Intelligence has tracked and monitored this activity, which we track as UNC788, for a number of years. UNC788 is a cluster of activity suspected of working on behalf of the Iranian government. These actors' TTPs typically consist of credential theft campaigns against corporate and personal email accounts. We are currently observing continued credential harvesting campaigns and emphasize that this activity is a long-term risk to vulnerable entities. Significantly, this group has previously targeted journalists, Western think tanks, current and former government officials, as well as pharmaceutical and medical technology companies.

The use of SMS phishing is no surprise and highlights the breadth of social engineering tactics used by threat actors. Security teams typically dedicate significant resources to preventing and detecting malicious emails, and threat actors have therefore pursued alternative means of contacting targets. For many years, Iranian groups have also employed fake social media personas to collect information on individuals and distribute malicious links. It is therefore imperative for security teams to implement security policies and user education programs that account for a wide range of social engineering tactics.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides experts' comments, analysis and opinion on the latest Information Security news and topics.