Connect with us

Hi, what are you looking for?

Science

Iran-linked hackers reportedly targeted activists and US officials – CNET

Targets of an Iran-linked phishing campaign saw pages like this one that asked for one-time login co..

Published

Targets of an Iran-linked phishing campaign saw pages like this one that asked for one-time login codes, according to researchers at Certfa.

Certfa Labs

Hackers with ties to the Iranian government targeted officials from other countries involved in implementing sanctions, as well as activists and journalists, with a phishing campaign, according to a report from London-based cybersecurity group Certfa.

The targets included atomic scientists and US Treasury officials, as well as supporters and detractors of the Iran nuclear deal rolled back this year by President Donald Trump, according to the AP, which earlier reported on the research. The campaign, which Certfa said was run by a hacking group nicknamed Charming Kitten, started four weeks before the Trump administration reinstated sanctions against Iran in November, the researchers found.

"In other words, hackers who are supported by the Iranian government pick their targets according to policies and international interests for the Iranian government," Certfa researchers wrote in their report.

The Iranian government didn't immediately respond to a request for comment.

The reported campaign underscores the degree to which government-sponsored hackers still rely on tricking email users into handing over their email usernames and passwords. The alleged phishing campaign aimed to bait targets into handing over their credentials and then went further, asking victims to provide one-time codes, such as texted and app-generated codes, used as a second form of authentication.

Physical tokens, such as Yubikey, help prevent such types of hacking because the devices have to be present when logging into important email accounts.

To add a look of legitimacy to their campaign, the hackers in some cases directed victims to open websites hosted on Google Sites pages before entering their usernames and passwords, Certfa said. The researchers said they notified Google of the pattern, and Google deactivated the hackers' pages hosted on the company's service. Google didn't immediately respond to a request for comment.

The AP reached out to targets identified in Certfa's research and learned many of them had recently received phishing messages.

It isn't clear how many victims fell for the phishing scheme, and it appears the hackers were discovered because they made a basic error. According to the AP, they left a database of information unsecured on the internet, allowing researchers to find it and extract details of their phishing campaign.


[contf]
[contfnew]

cnet

[contfnewc]
[contfnewc]

Post Views: 202
In this article:

Finance

A clear, concise bid helped us win Fortis deal: Mohit Burman, Director, Dabur India

In an interview with ET Now, Dabur India Director Mohit Burm..

May 12, 2018

Science

2018 British Open: How to watch, stream the golf event – CNET

The 147th Open championship will be at Carnoustie Golf Club in Scotland. Jan Kruger/R&A Golfers ..

July 15, 2018

Tech

NYPD can’t get story straight on evidence system backups

Enlarge Oliver Morris/Getty Images) In response to an Ars re..

October 20, 2017

Tech

Nvidia to cease producing new drivers for 32-bit systems

Enlarge/ You wouldn't really want to use Nvidia's ..

December 23, 2017