Iranian Hackers Target Defense and Government Officials in Ongoing Campaign

The Iranian state-sponsored hacking group APT42 has been targeting senior defense and government officials in an ongoing, sophisticated espionage campaign, the Israel National Digital Agency (INDA) reports.

As part of the attacks, the hackers relied on social engineering tactics, and expanded their scope by targeting the victims’ family members, to increase the attack surface and apply increased pressure on the primary targets.

Also known as Calanque, CharmingCypress, Educated Manticore, Mint Sandstorm, and UNC788, and associated with the Islamic Revolutionary Guard Corps (IRGC) intelligence agency, APT42 is tracked by the Israeli agency as SpearSpecter.

The new campaign uncovered by INDA involved invitations to conferences or meetings that either directed victims to spoofed web pages to harvest their credentials, or led to backdoor infections, for long-term access and data exfiltration.

The hackers were observed spending days or weeks building relationships with the intended victims and gathering intelligence via social media, public databases ...