Threats Feed
- Public
Mia Ash: Anatomy of a cyber espionage persona, COBALT GYPSY lures middle eastern targets
The article "The Curious Case of Mia Ash" by SecureWorks details a sophisticated cyber espionage campaign. This campaign involved a fake online persona named Mia Ash, created by the threat group COBALT GYPSY, which is associated with Iranian cyber operations. Mia Ash was used to establish relationships with employees in targeted organizations, primarily in the Middle East and North Africa. The persona, active across various social media platforms, was instrumental in delivering malware through seemingly innocent interactions. The case underlines the increasing complexity of cyber threats where social engineering and fake identities are employed to breach security systems.
read more about Mia Ash: Anatomy of a cyber espionage persona, COBALT GYPSY lures middle eastern targets - Public
COBALT GYPSY's Yet Another PupyRAT-driven Phishing Campaign
SecureWorks researchers identified a phishing campaign targeting a Middle Eastern organization in January 2017, linked to COBALT GYPSY (Aka OilRig). The attackers employed spear-phishing emails containing shortened URLs redirecting to spoofed domains. Victims were presented with a malicious Microsoft Office document, which executed PowerShell commands when opened, installing PupyRAT, a multi-platform remote access trojan (RAT).
read more about COBALT GYPSY's Yet Another PupyRAT-driven Phishing Campaign