Researchers have uncovered UNK_SmudgedSerpent, a new cyber-espionage group targeting academics and policymakers with sophisticated phishing attacks since mid-2025. The group's tactics show overlaps with Iranian APT groups, but definitive attribution remains challenging. #Iranians #APTgroups
Key points
- UNK_SmudgedSerpent has been conducting targeted phishing campaigns against academics and foreign policy experts since June 2025.
- The group uses social engineering tactics, including spoofed login pages for Microsoft 365 and OnlyOffice to harvest credentials.
- Attackers deploy Remote Monitoring and Management (RMM) tools like PDQConnect and ISL Online for persistence and control.
- Infrastructure overlaps with known Iranian APT groups such as TA455 and TA450, complicating attribution efforts.
- The group's methods and infrastructure suggest possible shared resources or collaboration within Iran's cyber ecosystem.