One Article Review

Source Mandiant
Identifier 8565655
Publication date 2024-08-28 14:00:00 (seen: 2024-08-28 21:17:21)
Title I Spy With My Little Eye: Uncovering an Iranian Counterintelligence Operation
Text Written by: Ofir Rozmann, Asli Koksal, Sarah Bock
Today Mandiant is releasing details of a suspected Iran-nexus counterintelligence operation aimed at collecting data on Iranians and domestic threats who may be collaborating with intelligence and security agencies abroad, particularly in Israel. The data collected by this campaign may support the Iranian intelligence apparatus in pinpointing individuals who are interested in collaborating with Iran's perceived adversarial countries. The collected data may be leveraged to uncover human intelligence (HUMINT) operations conducted against Iran and to persecute any Iranians suspected to be involved in these operations. These may include Iranian dissidents, activists, human rights advocates, and Farsi speakers living in and outside Iran. Mandiant assesses with high confidence this campaign was operated on behalf of Iran's regime, based on its tactics, techniques, and procedures (TTPs), themes, and targeting. In addition, we observed a weak overlap between this campaign and APT42, an Iran-nexus threat actor suspected to operate on behalf of Iran's IRGC Intelligence Organization (IRGC-IO). This campaign's activities are in line with Iran's IRGC and APT42's history of conducting surveillance operations against domestic threats and individuals of interest to the Iranian government. Despite the possible APT42 connection, Mandiant observed no relations between this activity and any U.S. elections-related targeting as previously reported by Google's Threat Analysis Group. The activity used multiple social media accounts to disseminate a network of over 35 fake recruiting websites containing extensive Farsi decoy content, including job offers and Israel-related lures, such as images of Israeli national symbols, hi-tech offices, and major city landmarks. Upon entry, the targeted users are required to enter their personal details as well as their professional and academic experience, which are subsequently sent to the attackers.
The suspected counterintelligence operations started as early as 2017 and lasted at least until March 2024. In the past, similar campaigns were deployed in Arabic, targeting individuals affiliated with Syria and Hezbollah intelligence and security agencies. This may indicate Iran's counterintelligence activities extend beyond its own security and intelligence apparatus, possibly in support of its allies in Syria and Lebanon. Mandiant worked to help ensure this activity was blocked and disrupted, the threat actor's accounts were terminated, and Google Chrome users and the users of other browsers were protected.
Rating ★★★★
Sent Yes
Tags Threat Mobile Cloud
Stories APT 42


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from a previous one.