Researchers at Palo Alto Networks’ Unit 42 have uncovered an Iranian cyber-espionage campaign utilizing a fake modeling agency website to target victims through advanced social engineering and browser fingerprinting. The operation is believed to be conducted by a known Iranian threat group, possibly Agent Serpens (APT35). (Affected: targeted individuals and organizations susceptible to spear-phishing and cyber-espionage activities)
Key points:
- An Iranian threat group created a fake website impersonating Germany’s Mega Model Agency to conduct cyber-espionage.
- The cloned site mimicked the real agency’s branding and layout, with deliberate modifications to deceive visitors.
- Obfuscated JavaScript was used to silently collect detailed visitor data, including browser info, screen resolution, IP addresses, and device fingerprints.
- The collected data was transmitted via disguised endpoints, likely to facilitate targeted attacks or malware delivery.
- The campaign employed social engineering tactics, such as replacing legitimate profiles with fictitious personas and injecting malicious links.
- This operation shows sophisticated techniques consistent with known espionage activities by Agent Serpens targeting Iranian dissidents and activists.
- While no direct victim interaction has been confirmed, the level of preparation indicates potential use in spear-phishing campaigns.
Read More: https://securityonline.info/iranian-cyber-espionage-uses-fake-modeling-agency-for-targeted-attacks/