As part of a phishing campaign, Iran attacked about a dozen people associated with US President Joe Biden, Vice President Kamala Harris and presidential candidate Donald Trump.
Points of attention
- APT42, known as Charming Kitten, uses malware and phishing to attack private email inboxes.
- Iranian hackers engage with targets on encrypted messaging platforms to undermine trust.
- Russian hacking group Cold River also conducts phishing attacks targeting Russian government officials and activists.
Trump, Biden and Harris became the targets of an Iranian phishing attack
As Google notes in the report, APT42, an Iranian government hacking group also known as Charming Kitten and Mint Sandstorm, attacked about a dozen people in May and June.
The hackers usually attacked officials' personal email accounts at various email providers.
One such attack targeted a well-known political consultant. And as Google discovered, it was successful.
APT42 uses various phishing methods, including hosting malware, phishing pages and malicious redirects. The hackers usually try to use services such as Google (for example, Sites, Drive, Gmail and others), Dropbox, OneDrive, etc.
According to the report, the same hacking group also engages with targets on encrypted messaging platforms such as Signal and WhatsApp to work its way into their trust.
Google security researchers continue to record APT42 attempts to break into personal email accounts associated with Biden, Trump and Vice President Harris.
Russian hackers attacked the email of the US ambassador to Ukraine Pifer
According to the NGOs Access Now and Citizen Lab, this attack was part of a larger campaign targeting former Russian civil servants, academics and opposition activists.
A hacker group called Cold River used a fake identity of a former US ambassador to gain Pifer's trust and trick him into entering his details on a fake website. It is currently unknown whether the attackers were able to gain access to his email.
In addition, Cold River attempted to hack Russian investigative media outlet Proekt Media using similar fraud techniques.
Polina Mahold, head of Proekt Media, who currently works in Germany, said that the attackers tried to impersonate her colleague from another independent Russian media outlet.