Iranian hackers used Gmail, Facebook, to spy on US aerospace contractor
August 3, 2021

A GROUP OF HACKERS, who are known to operate under the direction of the Iranian government, used fictitious Gmail and Facebook accounts to compromise employees of a United States defense contractor. A report issued on Monday by the California-based cybersecurity company Proofpoint identified the hackers behind the espionage campaign as members of a group codenamed Threat Actor 456 (TA456).
Known also as Imperial Kitten and Tortoiseshell, TA456 has a history of pursuing espionage targets at the direction of the Iranian government. According to Proofpoint, TA456 is among “the most determined” Iranian-aligned threat actors. The cybersecurity firm adds that the espionage activities of TA456 often target Western “defense industrial base contractors” that are known to specialize in the Middle East.
The most recent operation by TA456 involved a fictitious online personality that went by the name “Marcella Flores”, also known as “Marcy Flores”, who claimed to live in the British city of Liverpool. The group used a Gmail account and fake Facebook profile to reinforce the fictitious profile’s credibility, and to approach employees of United States defense contractors. One such employee began corresponding with Flores on Facebook toward the end of 2019.
In June 2021, after having cultivated the relationship with the defense employee for over a year, Flores sent the employee a link to a video file, purportedly of herself. The file contained malware, known as LEMPO, which is designed to search targeted computers and provide the hacker party with copies of files found on penetrated systems.
Facebook is apparently aware of the espionage campaign by TA456. Last month, the social media company said it had taken action “against a group of hackers in Iran [in order] to disrupt their ability to use their infrastructure to abuse [Facebook’s] platform, distribute malware and conduct espionage operations across the internet, targeting primarily the United States”.
► Author: Joseph Fitsanakis | Date: 03 August 2021

A WEB SERVER BASED in Holland and owned by a company registered in Cyprus is being used by the Iranian government to spy on its critics abroad, according to Dutch public radio. The information about Iranian espionage was
A large-scale cyberespionage attack targeting United States government computer systems, which some experts 
The United States Department of Defense has barred its employees from using Zoom, a popular video teleconferencing application, due to concerns that foreign spies may be using the software to collect intelligence. The Pentagon made the announcement less than a day after the US Senate advised its members to refrain from using Zoom. The video teleconferencing software is owned by Zoom Video Communications, Inc., a NASDAQ-traded software firm headquartered in San Jose, California. It has become popular in recent weeks, due to the increasing reliance on telework resulting from the effects of the COVID-19 pandemic.
A cyberattack, coupled with a disinformation campaign, targeted the computer systems of the United States Department of Health and Human Services (HHS), in what officials believe was an effort to undermine America’s response to the coronavirus pandemic.
A leading Chinese cybersecurity firm has accused the United States Central Intelligence Agency of using sophisticated malicious software to hack into computers belonging to the Chinese government and private sector for over a decade.
A hacker attack of impressive magnitude targeted specific individuals of interest to the Chinese government as they moved around the world, in what appears to be the first such operation in the history of cyberespionage. The attack was revealed late last month by Cybereason, an American cybersecurity firm based in Boston, Massachusetts. Company experts
Supporters of the Islamic State, most of them Persian speakers, were spied on by the government of Iran after they downloaded a fake smartphone application with wallpaper images, according to an online security firm. Iran is a major adversary of the radical Sunni group Islamic State. The latter considers Shiism (Iran’s state religion) as an abomination. Not surprisingly, therefore, the Islamic State, which is also known as the Islamic State of Iraq and Syria (ISIS), relies largely on supporters from the Arabic-speaking regions of the Levant. But according to estimates, Sunnis constitute about 10 percent of Iran’s population, and ISIS has found some fertile ground among Iran’s 8 million-strong Sunni minority. As a result, the government in Tehran is highly mistrustful of Iranian Sunnis, many of whom are ethnic Kurds, Baluchis, Azeris or Turkomans, and systematically spies on them.
Dutch spies identified a notorious Russian hacker group that compromised computer servers belonging to the Democratic Party of the United States and notified American authorities of the attack, according to reports. In 2016, US intelligence agencies determined that a Russian hacker group known as Cozy Bear, or APT29, led a concerted effort to interfere in the US presidential election. The effort, which according to US intelligence agencies was sponsored by the Russian government, involved cyber-attacks against computer systems in the White House and the Department of State, among other targets. It also involved the theft of thousands of emails from computer servers belonging to the Democratic National Committee, which is the governing body of the Democratic Party. The stolen emails were eventually leaked to WikiLeaks, DCLeaks, and other online outlets. Prior descriptions of the Russian hacking in the media have hinted that US intelligence agencies were notified of the Russian cyber-attacks by foreign spy agencies. But there was no mention of where the initial clues came from.
The Russian hacker group that targeted the United States presidential election in 2016 also attacked hundreds of reporters around the world, most of them Americans, an Associated Press investigation shows. The group is often referred to in cyber security circles as Fancy Bear, but is also known as Pawn Storm, Sednit, APT28, Sofacy, and STRONTIUM. It has been linked to a long-lasting series of coordinated attacks against at least 150 senior figures in the US Democratic Party. The attacks occurred in the run-up to last year’s presidential elections in the US, which resulted in a victory for Donald Trump. The hacker group’s targets included Democratic Party presidential candidate Hillary Clinton and her campaign chairman John Podesta. But its hackers also went after senior US diplomatic and intelligence officials, as well as foreign officials in countries like Canada and the Ukraine.
A member of a prolific Russian hacker group reportedly stated in court that he was hired by the Russian government to break into the computer systems of the Democratic Party in the United States. The hacker, Konstantin Kozlovsky, operated online as a member of Lurk, a notorious hacker group whose members are believed to have stolen in excess of $45 million from hundreds of companies since 2011. Most of the group’s members were apprehended in a 

Russian spies allegedly impersonated Microsoft staff to hack government agencies
August 7, 2023 by Joseph Fitsanakis
According to Microsoft, the hackers behind the spying campaign are associated with a prolific hacker group named APT29 (also known as “Cozy Bear” and “Midnight Blizzard”) by cybersecurity researchers. It rose to infamy in 2020, when it was connected with the worldwide SolarWinds attack, which some experts described as possibly being among “the most impactful espionage campaigns on record”. It is believed that APT29 is closely associated with the Russian Foreign Intelligence Service (SVR).
Starting in late May 2023, APT29 hackers used several previously compromised Microsoft 365 accounts in order to set up internet domains with technical support-themed names. They then used these domains to contact a number of “highly targeted” individuals through Microsoft Teams, pretending to be Microsoft technical support representatives. Eventually, some of their targets were persuaded to provide the hackers with information they received through Microsoft’s multifactor authenticator system, thus granting them full access to their user accounts.
Microsoft did not disclose the identities of the targets, saying only that they were nearly 40 in number, and included government agencies, various multinational technology and manufacturing firms, media companies, as well as non-governmental organizations.
► Author: Joseph Fitsanakis | Date: 07 August 2023