Tuesday, July 20, 2021

Iran Hackers Masqueraded as UK Scholars to Hack Think Tanks

 Here is more from the Jerusalem Post:

Iranian hackers masqueraded as British scholars with the University of London's School of Oriental and African Studies (SOAS) in an attempt to solicit sensitive information from journalists, think tank experts and senior professors since the beginning of the year, according to a new report by the cybersecurity company Proofpoint on Tuesday.

While Proofpoint has been unable to independently confirm that the hackers, known as TA453 or CHARMING KITTEN and PHOSPHORUS, are part of the IRGC, the hackers have historically aligned with the priorities of Iran's Islamic Revolutionary Guard Corps (IRGC), with attacks targeting dissidents, academics, diplomats and journalists, according to the report. 
In their latest attack, TA453 compromised a site belonging to SOAS in order to deliver pages disguised as registration links to harvest login information from targets, including experts in Middle Eastern affairs from think tanks, senior professors at academic institutions and journalists specializing in Middle Eastern coverage.
The hacker group used the personas of individuals associated with SOAS, in order to solicit conversations with targets. In initial emails sent by the first persona, TA453 invited the target to a fake online conference on “The US Security Challenges in the Middle East.” Emails by the second persona solicited contributions to a "DIPS Conference."


Last year, researchers said that Charming Kitten targeted the World Health Organization (WHO) by posing as a think tank.  In that incident, the hackers tailored a message to look like an interview request from a scholar at real Washington, DC-based think tank American Foreign Policy Council (AFPC).

In a separate 2020 incident, Iranian hackers impersonated the former head of Israeli military intelligence and his assistant to fish for analysis from a researcher at a think tank.