    Iranian hackers again violated the rights of people in the Middle East


    Hackers linked to the Iranian government are conducting a social engineering and phishing campaign against human rights activists, journalists, researchers, academics, diplomats and politicians working in the Middle East. At least 20 people have been targeted, according to Human Rights Watch (HRW).

    During the campaign, the email of three targets was compromised and their confidential data was stolen:

    • a correspondent for a major American newspaper;
    • a Gulf women's rights defender;
    • Refugees International advocacy consultant Nicholas Noe from Lebanon.

    The attackers gained access to:

    • e-mail;
    • cloud storage;
    • calendars;
    • contacts.

    They also stole all the data associated with Google accounts in the form of archive files through Google Takeout.

    The attack chain begins with the victim receiving a suspicious WhatsApp message under the pretext of an invitation to a conference. The message persuades the victim to follow a link to a phishing site that mimics a Microsoft, Google, or Yahoo! login page and captures the credentials entered. 15 of the 20 victims received the same WhatsApp messages between September 15 and November 25.

    These phishing pages can also be used in an adversary-in-the-middle (AiTM) attack to compromise accounts protected by two-factor authentication (2FA).

    HRW also cited weaknesses in Google's security tools: the security alerts under Google account activity do not display any notifications. Because of this, the victims of the attacks were not even aware that "their Gmail accounts were compromised or their data was uploaded via Google Takeout".

    The threat activity is indicative of a broader campaign that uses URL shorteners to direct victims to phishing pages. This behavior is typical of APT groups associated with Iran, such as APT42 and Phosphorus.

    Previously, researchers from Mandiant noted that the APT42 group operates on behalf of the Islamic Revolutionary Guard Corps (IRGC), and that its tactics, techniques and procedures (TTPs) are very similar to those of APT35, another Iranian group also known as Charming Kitten and Phosphorus.

    APT42 favors spear phishing against corporate and personal email accounts. Its victims are spread across at least 14 countries, with targets in the US, Australia, Europe and the Middle East, and include government officials, former Iranian politicians, members of the Iranian diaspora and opposition groups, journalists and scientists.

    Author DeepWeb