Iranian-backed group steps up phishing campaigns against Israel, U.S.
· Published 26/08/2024 12:43 · Modified 26/08/2024 13:06
Essential information
- Published: 26/08/2024 12:43
- Modified: 26/08/2024 13:06
- Tags: 2024-08-26 credential-theft dwp election targeting gcollection iran lcollection phishing social engineering ycollection
- Related entities: 38 observables, 1 intrusion set (APT), 19 techniques (MITRE), 4 malware, 2 others
Description
An Iranian government-backed threat group known as APT42 has significantly intensified its phishing campaigns targeting high-profile individuals in Israel and the United States over the past six months. The group, associated with Iran's Islamic Revolutionary Guard Corps, has focused on current and former government officials, political campaigns, diplomats, think tanks, NGOs, and academic institutions involved in foreign policy discussions. APT42's activities demonstrate a concerted effort to rapidly shift its operational priorities in line with Iran's political and military objectives.
Related entities
Vulnerabilities, IOCs, intrusion sets, MITRE techniques and other entities referenced in this report.
Observables (38)
Intrusion sets (APT) (1)
- Source: The MITRE Corporation · Confidence 100
  [APT42](https://attack.mitre.org/groups/G1044) is an Iranian-sponsored threat group that conducts cyber espionage and surveillance.(Citation: Mandiant APT42-charms) The group primarily focuses on targets in the Middle East region, but has targeted …
  First seen 01/01/1970 · Last seen 16/11/5138 · Published 16/12/2025 19:39 · Modified 27/03/2026 01:13
Techniques (MITRE) (19)
- Deploy Container
- Gather Victim Org Information
- Dynamic Resolution
- Gather Victim Identity Information
- Develop Capabilities
- Create Account
- Email Collection
- Audio Capture
- Phishing for Information
- Application Layer Protocol
- Process Injection
- Network Sniffing
- User Execution
- Supply Chain Compromise
- Phishing
- Valid Accounts
- OS Credential Dumping
- Command and Scripting Interpreter
Malware (4)
- Family · Published 26/08/2024 12:43 · Modified 26/08/2024 12:43
- Family · Published 26/08/2024 12:43 · Modified 26/08/2024 12:43
- AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138 · Published 21/12/2025 06:40 · Modified 21/12/2025 06:40
- Family · Published 26/08/2024 12:43 · Modified 26/08/2024 12:43
Others (2)
- Israel
- United States of America