Threat Management, Threat Intelligence, Critical Infrastructure Security

APT42-linked infrastructure leveraged in Israel-targeted spear-phishing attack

Israeli security and defense workers were noted by the country's National Cyber Directorate to have been subjected to an ongoing spear-phishing campaign involving infrastructure linked to Iranian state-backed threat operation APT42, also known as Charming Kitten, according to GBHackers News.

Threat actors have used WhatsApp to send malicious messages purporting to be from legitimate organizations that lure recipients into clicking shortened URLs that redirect to credential- and other information-stealing websites, said the alert.

Other intrusions involved the distribution of illicit files for an expanded attack surface, according to researchers, who noted that msnl[.]lnk, which was tapped as a shortened URL service for the campaign, and the recycling of dynamic DNS services were linked to established APT42 attack techniques.

With APT42 leveraging persistent operational resources in its attacks, organizations have been advised to not only track for identified infrastructure links and indicators of compromise but also bolster WhatsApp-based social engineering awareness programs.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds