Subj : Microsoft warns of new spearphishing attack targeting workers at
To   : All
From : TechnologyDaily
Date : Thu Jan 18 2024 18:15:05

Microsoft warns of new spearphishing attack targeting workers at top companies

Date: Thu, 18 Jan 2024 17:58:48 +0000

Description: Iranians are targeting researchers and academia in the West, particularly those that can influence politicians, Microsoft warns.

FULL STORY
======================================================================

Iranian hackers are trying hard to discover exactly what researchers and academia in the West are working on and discussing, especially about Palestine and Israel - so much so that they've launched a new, hard-to-detect phishing campaign against such individuals, aiming to install information-stealing malware.

This is according to Microsoft, whose security researchers recently sounded the alarm on the campaign. As per the report, a subgroup of the known state-sponsored threat actor APT35 (AKA Charming Kitten, or Phosphorus) is engaged in phishing attacks against high-profile employees of research organizations and universities in Europe and the United States. The emails are custom-made and often make it past email security services.

Middle East in focus

"Since November 2023, Microsoft has observed a distinct subset of Mint Sandstorm (PHOSPHORUS) targeting high-profile individuals working on Middle Eastern affairs at universities and research organizations in Belgium, France, Gaza, Israel, the United Kingdom, and the United States," Microsoft said in the report.

"In this campaign, Mint Sandstorm used bespoke phishing lures in an attempt to socially engineer targets into downloading malicious files. In a handful of cases, Microsoft observed new post-intrusion tradecraft including the use of a new, custom backdoor called MediaPl."

Besides MediaPl, which seems to be designed to open up an encrypted communications channel between the operators and the compromised endpoints, APT35 is also dropping MischiefTut, a backdoor that allows them to run commands and carry out reconnaissance.

"These individuals, who work with or who have the potential to influence the intelligence and policy communities, are attractive targets for adversaries seeking to collect intelligence for the states that sponsor their activity, such as the Islamic Republic of Iran," Microsoft said.

"Based on the identities of the targets observed in this campaign and the use of lures related to the Israel-Hamas war, it's possible this campaign is an attempt to gather perspectives on events related to the war from individuals across the ideological spectrum."

Via BleepingComputer

======================================================================
Link to news story:
https://www.techradar.com/pro/security/microsoft-warns-of-new-spearphishing-attack-targeting-workers-at-top-companies

--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)