Suspected Iran-linked threat actors have launched intrusions aimed at Iranians supportive of anti-government protests as part of a new cyberespionage campaign that commenced in early January, according to The Record, a news site by cybersecurity firm Recorded Future.

Attackers may have used spear-phishing or social engineering tactics to deliver a malicious archive containing legitimate protest footage, a Farsi-language report on the protests, and two files purporting to be a video and an image that deployed the novel CRESCENTHARVEST information-stealing malware and remote access trojan, a report from Acronis showed. CRESCENTHARVEST not only facilitated command execution, keystroke logging, and data exfiltration but also identified installed antivirus software in order to tailor its actions.

"Amid ongoing political turmoil, this campaign appears specifically crafted to target Farsi-speaking Iranians sympathetic to the protests, though activists, journalists, and others seeking reliable information from within Iran may also be at risk," said researchers, who noted that the intrusions may be targeted more at Iranians abroad.




