'Educated Manticore' Targets Israeli Victims in Improved Phishing Attacks
The Iranian threat actor displays activity similar to that of other advanced persistent threat groups.
April 25, 2023
An Iranian threat actor known as Educated Manticore has been carrying out targeted phishing attacks against Israeli victims, and researchers have found that its activity links the group to another advanced persistent threat (APT) group known as Phosphorus.
Its activity is similar to that of other well-known hacking groups such as TA453 and Cobalt Illusion in that its phishing attempts are designed to deploy a new version of PowerLess, something that Phosphorus has managed to do in the past while operating in the Middle East and Africa.
In a report released by Check Point, researchers say that the new version of the PowerLess payload uses "an ISO file to initiate the infection chain." They also reported that other documents in the ISO file were written in Hebrew, Arabic, and English and claimed to feature information about Iraq from the Arab Science and Technology Foundation, leading researchers to believe that "the research community may have been the target of the campaign."
It's likely that these threat actors will continue to test and refine the tools used to commit these attacks in the future. "While the new PowerLess payload remains similar," Check Point researchers said in the analysis, "its loading mechanisms have significantly improved, adopting techniques rarely seen in the wild, such as using .NET binary files created in mixed mode with assembly code."