This article summarizes the ongoing SpearSpecter espionage campaign run by APT42, an Iranian state-sponsored threat actor, against senior defense and government officials and, in some cases, their family members. The campaign combines patient social engineering (building rapport before delivering a lure), credential harvesting, and persistent malware deployment to gain access to targets' accounts and devices and exfiltrate data. #APT42 #SpearSpecter
Key points
- APT42 is an Iranian state-sponsored group assessed to operate on behalf of the IRGC Intelligence Organization (IRGC-IO); SpearSpecter is its latest campaign.
- The SpearSpecter campaign involves sophisticated social engineering and credential theft tactics.
- Attackers use web redirects and booby-trapped links to deliver lures and harvest credentials, then deploy the PowerShell backdoor TAMECAT for persistence.
- TAMECAT supports multi-channel command-and-control over HTTPS, Discord, and Telegram, so blocking a single channel does not cut off the operator.
- Evasion techniques include script obfuscation, living-off-the-land binaries (LOLBins), memory-resident execution that leaves few artifacts on disk, and low-and-slow exfiltration.
Read More: https://thehackernews.com/2025/11/iranian-hackers-launch-spearspecter-spy.html