Archive for the ‘Iran’ Category

Iran-Backed Charming Kitten Stages Fake Webinar Platform to Ensnare Targets – Dark Reading

Conflicts in the Middle East, Ukraine, and other areas of simmering geopolitical tensions have made policy experts the latest target of cyber operations conducted by state-sponsored groups.

An Iran-linked group known as Charming Kitten, CharmingCypress, and APT42 recently targeted Middle East policy experts in the region as well as in the US and Europe, using a phony webinar platform to compromise its targeted victims, incident response services firm Volexity stated in an advisory published this month.

Charming Kitten is well known for its extensive social engineering tactics, including low-and-slow social engineering attacks against think tanks and journalists to gather political intelligence, the firm stated.

The group often dupes its targets into installing Trojan-rigged VPN applications to gain access to the fake webinar platform and other sites, resulting in the installation of malware. Overall, the group has embraced the long confidence game, says Steven Adair, co-founder and president of Volexity.

"I don't know if that is necessarily sophisticated and advanced, but it is a lot of effort," he says. "It's more advanced and more sophisticated than your average attack by a significant margin. It's a level of effort and dedication ... that is definitely different and uncommon ... to go to that much effort for such a specific set of attacks."

Policy experts are frequently targeted by nation-state groups. The Russia-linked ColdRiver group, for example, has targeted nongovernmental organizations, military officers, and other experts using social engineering to gain the confidence of the victim and then following up with a malicious link or malware. In Jordan, targeted exploitation reportedly by government agencies used the Pegasus spyware program developed by the NSO Group and targeted journalists, digital-rights lawyers, and other policy experts.

Other companies have also described Charming Kitten/CharmingCypress' tactics. In a January advisory, Microsoft warned that the group, which it calls Mint Sandstorm, had targeted journalists, researchers, professors, and other experts covering security and policy topics of interest to the Iranian government.

"Operators associated with this subgroup of Mint Sandstorm are patient and highly skilled social engineers whose tradecraft lacks many of the hallmarks that allow users to quickly identify phishing emails," Microsoft stated. "In some instances of this campaign, this subgroup also used legitimate but compromised accounts to send phishing lures."

The group has been active since at least 2013, has strong links to the Islamic Revolutionary Guard Corps (IRGC), and has not been directly involved in the cyber-operational aspect of the conflict between Israel and Hamas, according to cybersecurity firm CrowdStrike.

"Unlike in the Russia-Ukraine war, where known cyber operations have directly contributed to the conflict, those involved in the Israel-Hamas conflict have not directly contributed to Hamas military operations against Israel," the company stated in its "2024 Global Threat Report" released on Feb. 21.

These attacks usually start with spear-phishing and end with a combination of malware delivered to the target's system, according to an advisory from Volexity, which calls the group CharmingCypress. In September and October 2023, CharmingCypress used a number of typo-squatted domains, addresses similar to legitimate domains, to pose as officials from the International Institute of Iranian Studies (IIIS) to invite policy experts to a webinar. The initial email demonstrated the low-and-slow approach of CharmingCypress, eschewing any malicious link or attachment and inviting the targeted professional to reach out through other channels of communication, such as WhatsApp and Signal.

Using in-depth spearphishing, CharmingCypress aims to convince policy experts to install malware. Source: Volexity

The attacks target Middle East policy experts worldwide, with Volexity encountering a majority of attacks against European and US professionals, Adair says.

"They are quite aggressive," he says. "They'll even set up entire email chains or a phishing scenario where they're looking for comment and there's other people, maybe three, four, or five people on that email thread with the exception of the target; they're definitely trying to build rapport."

The long con eventually delivers a payload. Volexity identified five different malware families associated with the threat. The PowerLess backdoor is installed by the Windows version of the malware-laden virtual private network (VPN) application, which uses PowerShell to allow files to be transferred and executed, as well as targeting specific data on the system, logging keystrokes, and capturing screenshots. A macOS version of the malware is dubbed NokNok, while a separate malware chain using a RAR archive and LNK exploit leads to a backdoor named Basicstar.

The group's approach to social engineering definitely embodies the "persistence" piece of the advanced persistent threat (APT). Volexity sees a "constant barrage" of attacks, so policy experts have to become even more suspicious of cold contacts, Adair says.

Doing so will be difficult, as many policy experts are academics in constant contact with students or members of the public and are not used to being strict with their contacts, he says. Yet they should definitely think before opening documents or entering credentials into a site reached through an unknown link.

"At the end of the day, they have to get the person to click something or open something, which if I want you to review a paper or something like that, means ... being very wary of links and files," Adair says. "If I have to enter my credentials at any point in time, or authorize something, that should be a major red flag. Similarly, if I'm being asked to download something, that should be a pretty big red flag."

In addition, policy experts need to understand that CharmingCypress will continue to target them even if its attempts fail, Volexity stated.

"This threat actor is highly committed to conducting surveillance on their targets in order to determine how best to manipulate them and deploy malware," the company stated in its advisory. "Additionally, few other threat actors have consistently churned out as many campaigns as CharmingCypress, dedicating human operators to support their ongoing efforts."

Originally posted here:
Iran-Backed Charming Kitten Stages Fake Webinar Platform to Ensnare Targets - Dark Reading

Iran has further increased its total stockpile of uranium, UN nuclear watchdog report says – El Paso Inc.

Here is the original post:
Iran has further increased its total stockpile of uranium, UN nuclear watchdog report says - El Paso Inc.

Misery Index Increase in 25 Provinces of Iran – Iran Focus

Iranian media have reported an increase in the Misery index over the past year in 25 provinces of Iran.

The economic website Eco Iran has announced in a report that in the fall of 2023, the misery index across the country was 52 units.

According to Eco Iran's report, this fall, the Misery level in urban areas was 52.3 units, while in rural areas, it was 51.7 units, indicating a 0.6-unit higher Misery rate in cities compared to villages.

The report indicates that the highest level of Misery is in the cities of Lorestan province with 64.2 units.

Chaharmahal and Bakhtiari, Yazd, and Sistan and Baluchestan are other provinces with the highest Misery levels in their cities.

On the other hand, the lowest Misery level is in the cities of Tehran province with 44.5 units.

The misery index reflects the difficulty of the economic situation in society, derived from the total inflation and unemployment rates.

Some experts believe that the misery index is distant from the actual situation in Iran because the compilation of inflation and unemployment statistics in Iran involves manipulation of numbers and economic definitions by government institutions. Therefore, independent experts always consider the real situation to be more severe than the figures announced by government institutions.

Link:
Misery Index Increase in 25 Provinces of Iran - Iran Focus

Iran-Pakistan gas pipeline gets a reset, can it overcome sanctions? – Al-Monitor

KARACHI - Just months after carrying out tit-for-tat attacks across the Pakistan-Iran border, Tehran and Islamabad are trying to get the stagnant Iran-Pakistan natural gas pipeline moving. This week, Pakistan's Cabinet Committee on Energy has been finalizing the construction of a 50-mile patch of the pipeline from the Iranian border to the Pakistani port city of Gwadar.

Initially conceived as the Iran-Pakistan-India pipeline under plans laid in 1994, it became a bilateral project between Iran and Pakistan after India dropped out in 2008 amid increasing US sanctions on Iran.

Completed on the Iranian side, the pipeline extends nearly 700 miles from the Pars Special Economic Energy Zone to Iranshahr and Bushehr Fars, Kerman, Hormozgan and ends in the Sistan and Baluchestan province on the Pakistan-Iran border. From there on, the pipeline would stretch an additional 500 miles across the Pakistani provinces of Baluchistan and Sindh.

But Islamabad was unable to proceed with the project due to sanctions and financing challenges, despite pledges made in two agreements it had signed in 2009 and 2019. Islamabad was due to complete its section of the pipeline in February-March of this year, or else face a hefty penalty of $18 billion to be paid to Iran. But Tehran has given Islamabad until September 2024 to complete the nearly 500-mile section on Pakistan's side.

Excerpt from:
Iran-Pakistan gas pipeline gets a reset, can it overcome sanctions? - Al-Monitor

CENTCOM Intercepts Iranian Weapons Shipment Intended for Houthis – US Central Command

Feb. 15, 2024 Release Number 20240215 - 02 FOR IMMEDIATE RELEASE

TAMPA, Fla. - A U.S. Coast Guard cutter, forward deployed to the U.S. Central Command (CENTCOM) area of responsibility, seized advanced conventional weapons and other lethal aid originating in Iran and bound to Houthi-controlled areas of Yemen from a vessel in the Arabian Sea on Jan. 28.

The U.S. Coast Guard Sentinel-class fast-response cutter USCGC Clarence Sutphin Jr (WPC 1147), assigned to U.S. Naval Forces Central Command, located the vessel, and boarded it in the Arabian Sea. The boarding team discovered over 200 packages that contained medium-range ballistic missile components, explosives, unmanned underwater/surface vehicle (UUV/USV) components, military-grade communication and network equipment, anti-tank guided missile launcher assemblies, and other military components.

The direct or indirect supply, sale or transfer of such aid violates U.N. Security Council Resolution 2216 (as extended and renewed by resolutions 2675 and 2707).

"This is yet another example of Iran's malign activity in the region," said Gen. Michael Erik Kurilla, CENTCOM commander. "Their continued supply of advanced conventional weapons to the Houthis is in direct violation of international law and continues to undermine the safety of international shipping and the free flow of commerce."

CENTCOM is committed to working with our allies and partners to counter the flow of Iranian lethal aid in the region by all lawful means including U.S. and U.N. sanctions and through interdictions.

Go here to see the original:
CENTCOM Intercepts Iranian Weapons Shipment Intended for Houthis - US Central Command