US Military Veterans Targeted By Iranian State Hackers (Sep 25, 2019)
According to Cisco Talos researchers, Iran's government-backed hackers have been trying to infect US military veterans. The actors created a spoofed application purporting to be an app designed to help veterans find employment. The application sends sensitive information about the machine and the network it is connected to, and then downloads a Remote Access Trojan (RAT). Researchers say the actors were likely hoping a victim would download the application on the DOD network. The Talos team has linked the campaign to the Tortoiseshell group, believed to be an Iranian government-backed hacking group.
Recommendation: Although this campaign was highly targeted at the defence sector, the actors behind these attacks will employ the same techniques against your organisation if you are of interest to them. Defence-in-depth is the best way to ensure safety from APTs. Defence-in-depth involves layering defence mechanisms: this can include network and endpoint security, social engineering training for staff (such as exercises that help them recognise phishing emails), and robust threat intelligence capabilities.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.