When the Iranian hacking group APT35 wants to know if one of its digital lures has gotten a bite, it just checks Telegram. Whenever someone visits one of the copycat sites the group has set up, a notification appears on a public channel in the messaging service, detailing the potential victim’s IP address, location, device, browser and more. This is not a push notification; it’s a phish notification.
Google’s Threat Analysis Group outlined the innovative strategy as part of a broader look at APT35, also known as Charming Kitten, a state-sponsored group that has spent the past few years trying to get high-value targets to click on the wrong links and give up their credentials. And while APT35 is not the most successful or sophisticated threat on the international stage (it is the same group, after all, that accidentally leaked hours of video of its own hacking), its use of Telegram stands out as an innovative twist that can pay dividends.
The group uses a variety of methods to try to get people to visit its phishing pages in the first place. Google recently outlined some of the scenarios it has observed: the compromise of a UK university website, a fake VPN app that briefly made it into the Google Play Store, and phishing emails in which the hackers pretend to be organizers of real conferences and try to ensnare their marks through malicious PDFs, Dropbox links, and more.
In the case of the university website, the hackers lead potential victims to a compromised page, which encourages them to log in with the service provider of their choice (everything from Gmail to Facebook to AOL is offered) in order to view a webinar. If you enter your credentials, they go directly to APT35, which also asks for your two-factor authentication code. It’s a strategy so old it’s got whiskers on it; APT35 has been running it since 2017 to target people in government, academia, national security and more.
Fake VPNs aren’t particularly innovative, and Google says it booted the app from its store before anyone downloaded it. If someone does fall for it, though, or installs it on another platform where it is still available, the spyware can steal call logs, texts, location data and contacts.
Honestly, APT35 is not exactly an overachiever. Although the group has convincingly impersonated officials from the Munich Security Conference and Think-20 Italy in recent years, that is also straight out of Phishing 101. “The level of success of the actor,” said Ajax Bush, security engineer at Google TAG. “Their success rate is actually very low.”