Crafting convincing personas
APT42, an Iranian state-backed threat actor, uses social engineering attacks, including posing as journalists, to access corporate networks and cloud environments in Western and Middle Eastern targets.
Mandiant initially discovered APT42 in September 2022, reporting that the threat actors had been active since 2015, carrying out at least 30 activities across 14 countries.
The espionage squad, suspected to be linked to Iran’s Islamic Revolutionary Guard Corps Intelligence Organization (IRGC-IO), has been seen targeting non-governmental groups, media outlets, educational institutions, activists, and legal services.
According to Google threat analysts who have been monitoring APT42’s operations, the hackers employ infected emails to infect their targets with two custom backdoors, “Nicecurl” and “Tamecat,” which allow for command execution and data exfiltration.
A closer look at APT42’s social engineering tactics
APT42 assaults use social engineering and spear-phishing to infect targets’ devices with tailored backdoors, allowing threat actors to obtain initial access to the organization’s networks.
Content was cut in order to protect the source.Please visit the source for the rest of the article.