[TheRecord] Suspected Iranian hacker looks to steal Gmail, Instagram credentials

An Iranian threat actor discovered earlier this year is responsible for attacks against U.S. targets designed to hoover up Gmail and Instagram credentials, according to research released Wednesday by security firm SafeBreach.

While the actor was originally exposed in September, further analysis by the company found phishing attacks that stretched back to July. Almost half of the phishing campaign’s victims are located in the United States.

The research also uncovered the PowerShell code, which researchers dubbed PowerShortShell, that attackers used to pilfer a range of critical data from victims, such as screenshots and Telegram files.

PowerShortShell was typically delivered via Office documents sent via email, with lures like pictures of Iranian soldiers and evidence of the ‘Corona massacre’ performed by Iran’s supreme leader.

SafeBreach said the documents exploited the CVE-2021-40444 vulnerability to drop the malicious PowerShell code, which then gathered data from the infected computer.

Researchers said the actor could be linked to Tehran’s regime “since the Telegram surveillance usage is typical of Iran’s threat actors like Infy, Ferocious Kitten and Rampant Kitten,” referring to other Iranian hacking groups that various researchers have unmasked in recent years.

Malicious actors with links to Iran have relied on social media for most of their phishing operations for years. 

One of the most recent instances occurred in July, when Facebook revealed that a group of Iranian hackers targeted U.S. military personnel through a “well-resourced and persistent operation” to trick them into providing sensitive information as part of a broader online espionage campaign.

Source: The Record by Recorded Future
