Best Laid Plans: TA453 Targets Religious Figure with Fake Podcast Invite Delivering New BlackSmith Malware Toolset
Essential information
- Published
- 20/08/2024 15:17
- Modified
- 20/08/2024 15:55
- Tags
- 2024-08-20 anvilecho blacksmith iran social engineering
- Related entities
- 10 observables, 1 intrusion sets (apt), 14 techniques (mitre), 2 malware
Description
Proofpoint security researchers identified an Iranian threat group known as TA453 targeting a prominent religious figure through a sophisticated social engineering campaign. The threat actors impersonated a legitimate organization and invited the target to participate in a podcast interview. Upon engaging with the malicious links, the campaign attempted to deliver a new malware toolkit called BlackSmith, which included a PowerShell trojan dubbed AnvilEcho by Proofpoint. The malware is designed for intelligence gathering and exfiltration, bundling various capabilities previously observed in separate TA453 malware modules into a single script.