Stu Sjouwerman
2024-10-02 15:10:00
blog.knowbe4.com
The U.K.’s National Cyber Security Centre (NCSC) and the U.S. FBI have released an advisory warning of Iranian state-sponsored spear-phishing attacks targeting “individuals with a nexus to Iranian and Middle Eastern affairs, such as current or former senior government officials, senior think tank personnel, journalists, activists, and lobbyists.”
The agencies attribute the activity to Iran’s Islamic Revolutionary Guard Corps (IRGC).
The threat actor is also targeting members of U.S. political campaigns. The U.S. Justice Department last week accused three IRGC employees of successfully hacking an account belonging to a member of the Trump campaign via a social engineering attack.
“The cyber actors working on behalf of the IRGC gain access to victims’ personal and business accounts using social engineering techniques, often impersonating professional contacts on email or messaging platforms,” the advisory states.
“In addition, these actors might attempt to impersonate known email service providers to solicit sensitive user security information on email or messaging platforms….The actors often attempt to build rapport before soliciting victims to access a document via a hyperlink, which redirects victims to a false email account login page for the purpose of capturing credentials. Victims may be prompted to input two-factor authentication codes, provide them via a messaging application, or interact with phone notifications to permit access to the cyber actors.”
The agencies recommend that organizations implement security best practices to thwart targeted social engineering attacks:
- Implement a user training program with phishing exercises to raise and maintain awareness among users about risks of visiting malicious websites or opening malicious attachments. Reinforce the appropriate user response to phishing and spear phishing emails. Cyber hygiene awareness for personal accounts and company accounts is strongly recommended
- Recommend using only official email accounts for official business, updating software, avoiding clicking on links or opening attachments from suspicious emails before confirming their authenticity with the sender, and turning on multi-factor authentication to improve online security and safety
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
The NCSC has the story.
Support Techcratic
If you find value in Techcratic’s insights and articles, consider supporting us with Bitcoin. Your support helps me, as a solo operator, continue delivering high-quality content while managing all the technical aspects, from server maintenance to blog writing, future updates, and improvements. Support Innovation! Thank you.
Bitcoin Address:
bc1qlszw7elx2qahjwvaryh0tkgg8y68enw30gpvge
Please verify this address before sending funds.
Bitcoin QR Code
Simply scan the QR code below to support Techcratic.
Please read the Privacy and Security Disclaimer on how Techcratic handles your support.
Disclaimer: As an Amazon Associate, Techcratic may earn from qualifying purchases.