A Telegram Bot Told Iranian Hackers When They Got a Hit

When the Iranian hacking group APT35 wants to know whether one of its digital lures has bitten, all it has to do is check Telegram. Whenever someone visits one of the copycat sites the group has set up, an announcement appears on a public channel of the messaging service, detailing the potential victim's IP address, location, device, browser, and more. It is not so much a push notification as a phishing advertisement.

Google's Threat Analysis Group outlined the novel approach as part of a broader look at APT35, also known as Charming Kitten, a state-sponsored group that has spent the past several years trying to get high-value targets to click the wrong link and give up their credentials. And while APT35 isn't the most successful or sophisticated threat on the international stage (it's the same group, after all, that unintentionally leaked hours of videos of its own hacking), its use of Telegram stands out as a new trick that can pay dividends.
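From the defender's side, the tell is the traffic itself: a web server has no ordinary reason to call the Telegram Bot API. The following is an added example, not code from the Google TAG report or from the phishing kit, that scans constructed proxy log lines for Bot API calls (`api.telegram.org/bot<TOKEN>/<method>`) originating from hosts whose role is serving web pages, and reports them with the bot token redacted. The log format, host names, and token value are all assumptions made for the example.

```python
import re
from typing import Dict, List

# Constructed sample proxy log lines (not from the original report):
# timestamp, source host, method, URL, status. The bot token is a placeholder.
SAMPLE_PROXY_LOG = """\
2021-10-14T09:12:01Z webhost-01 GET https://fonts.gstatic.com/s/roboto/v20/x.woff2 200
2021-10-14T09:12:03Z webhost-01 GET https://api.telegram.org/bot000000000:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/sendMessage?chat_id=@PLACEHOLDER_CHANNEL&text=ip%3D203.0.113.5 200
2021-10-14T09:12:05Z laptop-42 GET https://api.telegram.org/bot000000000:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/getMe 200
2021-10-14T09:12:09Z webhost-01 POST https://api.telegram.org/bot000000000:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/sendMessage 200
"""

# Telegram Bot API URLs take the form api.telegram.org/bot<TOKEN>/<method>.
TELEGRAM_BOT_RE = re.compile(
    r"https?://api\.telegram\.org/bot(?P<token>[^/]+)/(?P<method>\w+)"
)

# Hosts whose job is serving web pages; a Bot API call from one of these is
# anomalous, while a user laptop talking to Telegram is everyday noise.
WEB_SERVER_HOSTS = {"webhost-01"}


def parse_line(line: str) -> Dict[str, str]:
    """Split one constructed-format log line into its five fields."""
    ts, host, method, url, status = line.split(maxsplit=4)
    return {"ts": ts, "host": host, "method": method, "url": url, "status": status}


def redact_token(token: str) -> str:
    """Keep the numeric bot id (useful for correlating hits), drop the secret half."""
    bot_id = token.split(":", 1)[0]
    return f"{bot_id}:<redacted>"


def find_telegram_beacons(log_text: str, web_hosts=WEB_SERVER_HOSTS) -> List[Dict[str, str]]:
    """Return Bot API calls made by web-server-role hosts, token redacted."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        m = TELEGRAM_BOT_RE.match(rec["url"])
        if m is None or rec["host"] not in web_hosts:
            continue
        findings.append({"ts": rec["ts"], "host": rec["host"],
                         "bot": redact_token(m["token"]), "method": m["method"]})
    return findings


if __name__ == "__main__":
    for hit in find_telegram_beacons(SAMPLE_PROXY_LOG):
        print(hit)
```

Run against real proxy or egress logs, the same filter applies to any host role that should never message a Telegram bot, and an alert on the first hit is what a compromised site like the university page above would trigger.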

The group uses a variety of methods to tempt people to visit its phishing pages in the first place. Google has laid out some of the scenarios observed recently: the compromise of a UK university website, a fake VPN app that briefly made it into the Google Play Store, and phishing emails in which the hackers pretended to be organizers of real conferences and tried to snare their targets through malicious PDFs, Dropbox links, websites, and more.

In the case of the university website, the hackers directed potential victims to the compromised page, encouraging them to log in with whatever service provider they preferred (everything from Gmail to Facebook to AOL was on offer) to watch a webinar. If you enter your credentials, they go directly to APT35, which also asks for your two-factor authentication code. It is an old-fashioned technique, but one APT35 has run since 2017 to target people in government, academia, national security, and more.

The phishing page is hosted on a compromised website.

Courtesy of Google TAG

The fake VPN isn't particularly new either, and Google says the app was booted from its store before anyone could download it. Anyone who does fall for the scam, though, or installs it from another platform where it is still available, gets spyware that can steal call logs, texts, location data, and contacts.

Still, APT35 aren't exactly overachievers. While they posed as officials from the Munich Security Conference and Think-20 Italy in previous years, that too was straight out of Phishing 101. "It's a productive group with a broad target audience, but broad targeting is not representative of the actor's level of success," said Ajax Bash, security engineer at Google TAG. "Their success rate is really low."
