'Educated Manticore' Targets Israeli Victims in Improved Phishing Attacks
The Iranian threat actor displays activity similar to that of other advanced persistent threat groups.
An Iranian threat actor known as Educated Manticore has been carrying out targeted phishing attacks against Israeli victims, and researchers have found that its activity links the group to another advanced persistent threat (APT) group known as Phosphorus.
Its activity is similar to that of other well-known hacking groups like TA453 and Cobalt Illusion in that its phishing attempts are designed to deploy a new version of PowerLess, something that Phosphorus has managed to do in the past while operating in the Middle East and Africa.
In a report released by Check Point, researchers say that the new version of the PowerLess payload uses "an ISO file to initiate the infection chain." They also reported that other documents in the ISO file were written in Hebrew, Arabic, and English and claimed to feature information about Iraq from the Arab Science and Technology Foundation, leading researchers to believe that "the research community may have been the target of the campaign."
It's likely that these threat actors will continue to test and refine the tools used to commit these attacks in the future. "While the new PowerLess payload remains similar," Check Point researchers said in the analysis, "its loading mechanisms have significantly improved, adopting techniques rarely seen in the wild, such as using .NET binary files created in mixed mode with assembly code."