Threats Feed
- Public
IRGC-Linked Campaign Uses Fake Recruitment to Target Farsi Speakers Worldwide
Mandiant has uncovered an Iranian counterintelligence operation aimed at gathering data on Iranians and domestic threats potentially collaborating with foreign intelligence agencies, particularly in Israel. The operation involved fake recruitment websites, disseminated via social media, that lured Farsi-speaking individuals into providing personal and professional details. This data is likely used to identify and persecute Iranian dissidents, activists, and human rights advocates. The campaign, linked to Iran’s IRGC and APT42, operated from 2017 to 2024 and extends beyond Iran to target individuals connected to Syria and Hezbollah.
read more about IRGC-Linked Campaign Uses Fake Recruitment to Target Farsi Speakers Worldwide - Public
APT42’s Fake Support Agents on WhatsApp Target Political Officials
APT42 used fake WhatsApp accounts posing as technical support from AOL, Google, Yahoo and Microsoft companies to target individuals in Israel, Palestine, Iran, the United States and the United Kingdom. Targets included political and diplomatic officials, as well as public figures associated with the Biden and Trump administrations. The campaign, identified through user reports, included phishing attempts but did not result in account compromise. APT42 is known for phishing credential theft, with previous campaigns targeting public officials, activists and academics.
read more about APT42’s Fake Support Agents on WhatsApp Target Political Officials - Public
APT42’s Fake Support Agents on WhatsApp Target Political Officials
APT42 used fake WhatsApp accounts posing as technical support from AOL, Google, Yahoo and Microsoft companies to target individuals in Israel, Palestine, Iran, the United States and the United Kingdom. Targets included political and diplomatic officials, as well as public figures associated with the Biden and Trump administrations. The campaign, identified through user reports, included phishing attempts but did not result in account compromise. APT42 is known for phishing credential theft, with previous campaigns targeting public officials, activists and academics.
read more about APT42’s Fake Support Agents on WhatsApp Target Political Officials - Public
APT42 Targets Israeli and U.S. High-Profile Sectors with Sophisticated Phishing Campaigns
APT42 has intensified its phishing campaigns against Israel and the U.S., targeting high-profile individuals in the military, defense, diplomatic, academic, and NGO sectors. The group uses spearphishing emails, typosquatting domains, and social engineering tactics to harvest credentials and gain unauthorized access to accounts. Recent campaigns included the use of benign PDF attachments and phishing kits capable of bypassing multi-factor authentication.
read more about APT42 Targets Israeli and U.S. High-Profile Sectors with Sophisticated Phishing Campaigns