Experts Insight On APT35 Recent Phishing Attacks

It has been reported that the Iranian group APT35 (also known as Charming Kitten or Phosphorus) executed sophisticated spear-phishing campaigns that involved not only email attacks but also SMS messages over the festive season.

1 Expert Comment
Jamie Collier, Intelligence Analyst
InfoSec Expert
January 15, 2021 12:21 pm

Mandiant Threat Intelligence has tracked and monitored this activity, which we track as UNC788, for a number of years. UNC788 is a cluster of activity suspected of working on behalf of the Iranian government. These actors' TTPs typically consist of credential theft campaigns against corporate and personal email accounts. We are currently observing continued credential harvesting campaigns and emphasize that this activity is a long-term risk to vulnerable entities. Significantly, this group has previously targeted journalists, Western think tanks, current and former government officials, as well as pharmaceutical and medical technology companies.

The use of SMS phishing is no surprise and highlights the breadth of social engineering tactics used by threat actors. Security teams typically dedicate significant resources to preventing and detecting malicious emails, and threat actors have therefore pursued alternative means of contacting targets. For many years, Iranian groups have also employed fake social media personas to collect information on individuals and distribute malicious links. It is therefore imperative for security teams to implement security policies and user education programs that account for a wide range of social engineering tactics.
