The Iranian threat actor displays activity similar to that of other advanced persistent threat groups.
An Iranian threat actor tracked as Educated Manticore has been conducting targeted phishing attacks against Israeli victims, and researchers say its activity links the group to another advanced persistent threat (APT) group known as Phosphorus.
Its activity resembles that of other well-known hacking groups such as TA453 and Cobalt Illusion in that its phishing attempts are designed to deploy a new version of PowerLess — something Phosphorus has done in the past while operating in the Middle East and Africa.
In a report released by Check Point, researchers say that the new version of the PowerLess payload uses "an ISO file to initiate the infection chain." They also reported that other documents in the ISO file were written in Hebrew, Arabic, and English and claimed to contain information about Iraq from the Arab Science and Technology Foundation, leading researchers to believe that "the research community may have been the target of the campaign."
It's likely that these threat actors will continue to test and refine the tools used to commit these attacks in the future. "While the new PowerLess payload remains similar," Check Point researchers said in the analysis, "its loading mechanisms have significantly improved, adopting techniques rarely seen in the wild, such as using .NET binary files created in mixed mode with assembly code."