Telegram bot told Iranian hackers when they were infected

When Iranian hacking group APT35 wants to know whether one of its digital lures has gotten a bite, all it has to do is check Telegram. Whenever someone visits one of the spoofed sites the group has set up, a notification appears in a public channel on the messaging service, detailing the potential victim’s IP address, location, device, browser, and more. It’s not a push notification; it’s a phishing notification.
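
One defender-side check this technique invites, added here as example code (not from the article or Google TAG): scan egress-proxy logs for web servers calling the Telegram Bot API, the path a compromised site would take to report visitors. The key=value log format, the web-server inventory and the bot token are constructed assumptions, and the token in the alert is redacted rather than logged.

```python
"""Flag web servers that beacon to the Telegram Bot API, the pattern Google TAG
described for the APT35 phishing kit. Example code, not from the article or TAG."""
import re
from typing import Dict, List

# Assumed inventory: hosts that serve web content and have no reason to talk to Telegram.
WEB_SERVERS = {"10.0.5.20", "10.0.5.21"}

# Bot API URL shape: /bot<numeric id>:<secret>/<method>
BOT_API = re.compile(r"api\.telegram\.org/bot(\d+):([A-Za-z0-9_-]+)/(\w+)")
# Assumed key=value egress-proxy line layout.
LINE = re.compile(r"src=(\S+) method=(\S+) url=(\S+)")

def redact(bot_id: str, secret: str) -> str:
    """Keep the bot id (useful for blocking and reporting) but never log the secret."""
    return f"{bot_id}:{secret[:3]}...{len(secret)}chars"

def scan(log_text: str) -> List[Dict[str, str]]:
    """Return one alert per web-server request to the Telegram Bot API."""
    alerts: List[Dict[str, str]] = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, method, url = m.groups()
        if src not in WEB_SERVERS:  # other hosts may legitimately use Telegram bots
            continue
        hit = BOT_API.search(url)
        if hit:
            bot_id, secret, api_method = hit.groups()
            alerts.append({"src": src, "severity": "high",
                           "bot": redact(bot_id, secret), "api_method": api_method})
        elif method == "CONNECT" and url.startswith("api.telegram.org:"):
            # Plain TLS tunnel: the path is invisible, only the destination is known.
            alerts.append({"src": src, "severity": "medium",
                           "bot": "unknown", "api_method": "unknown (TLS tunnel)"})
    return alerts

# Constructed sample lines; the token is a made-up placeholder, not a real one.
SAMPLE_LOGS = """\
src=10.0.5.20 method=POST url=https://api.telegram.org/bot123456789:AAEXAMPLE-not-a-real-token/sendMessage
src=10.0.9.3 method=POST url=https://api.telegram.org/bot987654321:AAEXAMPLE-helpdesk-bot/sendMessage
src=10.0.5.21 method=CONNECT url=api.telegram.org:443
src=10.0.5.20 method=GET url=https://www.example.edu/news
"""

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOGS):
        print(alert)
```

The non-web host using a Telegram bot is deliberately ignored, so the check stays narrow: a web server is the one asset that should never be reporting its visitors to a messaging service.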

Google’s Threat Analysis Group (TAG) outlined the technique as part of a broader look at APT35, also known as Charming Kitten, a state-sponsored group that has spent the past several years trying to get high-value targets to click on the wrong link and hand over their credentials. And while APT35 is not the most successful or sophisticated threat on the international stage – this is the same group, after all, that accidentally leaked hours of video of itself hacking – its use of Telegram stands out as a creative wrinkle that can pay off.

The group uses a variety of tactics to get people onto its phishing pages in the first place. Google identified several scenarios it has noticed lately: a compromised UK university website, a fake VPN app that briefly made it into the Google Play Store, phishing emails in which the hackers pose as real conference organizers, and attempts to lure targets through malicious PDFs, Dropbox links, websites, and more.

In the case of the university website, the hackers direct potential victims to the compromised page, which encourages them to sign in with the service provider of their choice – everything from Gmail to Facebook to AOL is on offer – to view a webinar. Any credentials entered go straight to APT35, which also asks for the victim’s two-factor authentication code. It’s a technique so old it has whiskers; APT35 has been running it since 2017 to target people in government, academia, national security, and more.

The phishing page is hosted on a hacked site.

Courtesy of Google TAG

The fake VPN app isn’t particularly innovative, and Google says it booted the app from its store before anyone could download it. If anyone does fall for the trick – or installs it from another platform where it’s still available – the spyware can steal call logs, texts, location data, and contacts.

Honestly, APT35 isn’t exactly an overachiever. While the group has convincingly impersonated officials from the Munich Security Conference and Think-20 Italy in recent years, this, too, comes straight out of Phishing 101. “This is a very prolific group with a broad target group, but this broad target group is not representative of the actor’s level of success,” says Ajax Bash, security engineer at Google TAG. “Their success rate is actually very low.”
