The cybersecurity company said it could not directly link the actions of the cybercriminals with Tehran, but alleged an attack on Israeli-based specialists would be “consistent” with increased geopolitical tensions between Israel and Iran.
The hacker group TA453, also known as “Charming Kitten” and “Phosphorus”, targeted 25 “senior professionals” specialising in genetic, neurology, and oncology research based in Israel and the US in 2020, cybersecurity firm Proofpoint has said in a report.
The company could not say what the hackers were planning to do with the data obtained in the course of the cybercampaign dubbed BadBlood, but noted that “Phosphorus” used credentials harvested in earlier attacks to extract emails and use compromised accounts in new cyber operations.
Proofpoint cited outside reports linking “Phosphorus” to the Iranian government and its Islamic Revolutionary Guard Corps (IRGC), but stressed it could not “independently attribute TA453 to the IRGC”. The cybersecurity company also noted that it could not “conclusively determine the motivation” of the hackers involved in the BadBlood campaign.
Proofpoint said the techniques used to target the American and Israeli medical researchers in the 2020 attack were consistent with previous tactics used by “Phosphorus”, but the group had never before conducted operations against such individuals.
The cybersecurity company said TA453 had historically targeted “[Iranian] dissidents, academics, diplomats, and journalists”, but suggested the BadBlood campaign could have been “a specific short-term intelligence collection requirement”. Proofpoint added that a cybercampaign targeting Israeli individuals would also be “consistent” with geopolitical tensions between Israel and Iran, which intensified in 2020.
During the BadBlood campaign, “Phosphorus” used a phishing attack to steal the credentials of the aforementioned medical professionals’ Microsoft accounts, Proofpoint said. According to the cyberwatchdog, the hackers sent emails to their victims from an account masquerading as a prominent Israeli physicist and containing an invitation to read a report on the subject “Nuclear weapons at a glance: Israel”.
Read the complete article at: The Nation
Also Read: Iranians developing the cyber capabilities of Hezbollah