Iranian hackers are carrying out cyberattacks against Middle Eastern women activists involved in human rights campaigns.
Cobalt Illusion is believed to be responsible for this hacking campaign.
- The hacker group, also known as Phosphorus and APT35, is using phishing as a threat vector.
- It initially sends regular links to gain the victim's trust and then sends a malicious link to gain unauthorized access to the targeted accounts.
- The group uses tools such as Hyperscrape to steal data from different email providers.
- The threat actor is state-backed.
- Only a few days ago, Israel accused state-backed Iranian hackers of breaching the Technion Institute.
- Earlier this year, British authorities reported that Iranian threat actors were posing as journalists as a way of reaching targets of high interest to them.
- In November 2022, Iran-backed threat actors breached the U.S. Merit Systems Protection Board.