Summary: The UK’s National Cyber Security Centre (NCSC) has issued a warning about Iranian cyber threats, specifically a spear phishing campaign attributed to Iran’s Islamic Revolutionary Guard Corps (IRGC). This campaign targets individuals involved in Iranian and Middle Eastern affairs, including US political campaigns, to further their information operations.
Threat Actor: Islamic Revolutionary Guard Corps (IRGC) | Islamic Revolutionary Guard Corps
Victim: Individuals with ties to Iranian and Middle Eastern affairs | Individuals with ties to Iranian and Middle Eastern affairs
Key Point :
- The IRGC’s spear phishing campaign targets current and former government officials, think tank personnel, journalists, activists, and lobbyists.
- Threat actors impersonate trusted contacts and use various communication channels to lure victims into providing credentials through fake login pages.
- Organizations are advised to implement phishing awareness training and enhance email security measures to protect against these threats.
The UK’s National Cyber Security Centre (NCSC) teamed up with government agencies across the Atlantic to issue a new alert about Iranian cyber-threats on Friday.
Released in concert with the FBI, US Cyber Command – Cyber National Mission Force (CNMF) and the Department of the Treasury (Treasury), the security advisory claimed that Iran’s Islamic Revolutionary Guard Corps (IRGC) is behind the spear phishing campaign.
The campaign is targeted at individuals “with a nexus to Iranian and Middle Eastern affairs,” although it’s also focused at US political campaigns, with an end goal of furthering its information operations, the advisory noted.
Current or former senior government officials, senior think tank personnel, journalists, activists and lobbyists are apparently all potential targets.
Read more on Iranian campaigns: Iranian Hackers Secretly Aid Ransomware Attacks on US
Phishing Attacks Target Journalists and Diplomats
The threat actors tailor their tactics to the specific target, potentially impersonating family members, professional contacts, well-known journalists and/or email service providers. The lure may be a request for interview, an invitation to a conference or embassy event, a request for speaking engagement, or some other political or foreign policy discussion.
The threat actors use both messaging and email channels to target their victims, the report said.
“The actors often attempt to build rapport before soliciting victims to access a document via a hyperlink, which redirects victims to a false email account login page for the purpose of capturing credentials,” it continued.
“Victims may be prompted to input two-factor authentication codes, provide them via a messaging application, or interact with phone notifications to permit access to the cyber actors. Victims sometimes gain access to the document but may receive a login error.”
How to Spot and Avoid Phishing Attempts
The advisory urged readers to be suspicious of unsolicited contact, attempts to send links or files via social media and other online services, email messages flagging alerts for online accounts, emails purporting to be from legitimate services and shortened links.
It also advised enterprises to:
- Implement a user training program for phishing awareness
- Recommend users only use work emails for official business, always keep software updated, switch on multi-factor authentication, and never click on links or open attachments in unsolicited emails
- Recommend users consider advanced protection services and hardware security keys
- Switch on anti-phishing and spoofing security features
- Block automatic email forwarding to external addresses
- Monitor email servers for changes to configuration and custom rules
- Enable alerts for suspicious activity
- Configure DMARC and other protocols correctly
- Use SSO with passkeys or other FIDO authenticators
- Use TLS for more secure email
Source: https://www.infosecurity-magazine.com/news/uk-us-warn-iranian-spearphishing