It has been reported that an Iranian threat actor has successfully compromised attendees of two global conferences – including ambassadors and senior policy experts – in an effort to steal their email credentials. Microsoft linked the attack, which targeted more than 100 conference attendees, to Phosphorus, which it said is operating from Iran. The group – also known as APT 35, Charming Kitten, and Ajax Security Team – has been known to use phishing as an attack vector.
This breach is clearly a surgical strike against a targeted group of former government officials, policy experts and academics, and leaders. The million-dollar question is how much personal information have the hackers been able to obtain. There should be a cause for concern if the hackers have stolen private information from various nations working on foreign policy in their countries. The short and long-term issue for various leaders is how they go about securing private information. In the case of these influencers, they need to take digital security seriously, limit the number of people that have access to their email and social media accounts, and work with the security professionals within their governments or companies that know how to reduce risk and collateral damage.