APT42 is characterized by highly targeted spear phishing and surveillance operations against individuals and organizations of strategic interest to Iran.
The group’s operations, which are designed to build trust and rapport with their victims, have included accessing the personal and corporate email accounts of government officials, former Iranian policymakers or political figures, members of the Iranian diaspora and opposition groups, journalists, and academics who are involved in research on Iran.
After gaining access, the group has deployed mobile malware capable of tracking victim locations, recording phone conversations, accessing videos and images, and extracting entire SMS inboxes.
APT42 has a demonstrated ability to alter its operational focus as Iran’s priorities evolve over time.
Mandiant anticipates APT42 will continue to conduct cyber espionage operations in support of Iran’s strategic priorities in the long term based on their extensive operational history and imperviousness to public reporting and infrastructure takedowns.
Sign Up For Threat Alerts
Sep 21, 2022
Magic Rat
Cisco Talos has discovered a new remote access trojan (RAT), which analysts are calling "MagicRAT,"...
Sep 21, 2022
Malicious Word Document with a Frameset
Xavier Mertens spotted a malicious Word OOXML document (with the new ".docx" format) that is...
Sep 18, 2022
US Cert Alert – Iranian Islamic Revolutionary...
The IRGC-affiliated actors are actively targeting a broad range of entities, including entities across multiple...
Sep 15, 2022
Opsec Mistakes Reveal COBALT MIRAGE Threat Actors
In this incident, COBALT MIRAGE exploited the ProxyShell vulnerabilities (CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207). It is...
Sep 14, 2022
Dead or Alive – An Emotet Story
The DFIR Report observed a domain-wide compromise that started from a malware ridden Excel document...
Sep 13, 2022
Dead or Alive? An Emotet Story
The DFIR Report observed a domain-wide compromise that started from a malware ridden Excel document...
Sep 12, 2022
Shikitega – New stealthy malware targeting Linux
AT&T Alien Labs has discovered a new malware targeting endpoints and IoT devices that are...
Sep 07, 2022
US Cert Alert – Vice Society
The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the...
Sep 07, 2022
Worok – The big picture
ESET researchers recently found targeted attacks that used undocumented tools against various high-profile companies and...
Sep 07, 2022
MuddyWater Targets Israel With Log4j Vulnerabilities In...
In recent weeks, the Microsoft Threat Intelligence Center (MSTIC) and Microsoft 365 Defender Research Team...
Sep 05, 2022
No Honor Among Thieves – Prynt Stealer’s...
Stealing information is fundamental to cybercriminals today to scope and gain access to systems, profile...
Sep 05, 2022
Grandoreiro Banking Trojan with New TTPs Targeting...
Recently Zscaler ThreatLabz observed a Grandoreiro campaign targeting organizations in the Spanish-speaking nations of Mexico...
Sep 01, 2022
A Tale of PivNoxy and Chinoxy Puppeteer
An attack against a telecommunications agency in South Asia began with a simple email that...
Aug 31, 2022
New Golang Ransomware Agenda Customizes Attacks
Investigation revealed that the new ransomware in question targeted enterprises in Asia and Africa. Based...
Aug 31, 2022
ModernLoader delivers multiple stealers cryptominers and RATs
Cisco Talos recently observed three separate, but related, campaigns between March and June 2022 delivering...