Threats Feed|Mint Sandstorm (Phosphorus)|Last Updated 05/08/2023|AuthorCertfa Radar|Publish Date28/10/2020

Phosphorus Targets Munich Security Conference and T20 Summit Attendees

  • Actor Motivations: Espionage,Exfiltration
  • Attack Vectors: Spear Phishing
  • Attack Complexity: Medium
  • Threat Risk: Low Impact/High Probability

Threat Overview

The Iranian threat actor Phosphorus targeted potential attendees of the Munich Security Conference and the Think 20 (T20) Summit in Saudi Arabia through a series of cyberattacks. The attackers sent spoofed email invitations to former government officials, policy experts, academics, and leaders from non-governmental organizations. Their goal was intelligence collection, and they successfully compromised several high-profile individuals' accounts.

Detected Targets

TypeDescriptionConfidence
CaseMunich Security Conference
The Munich Security Conference is an annual conference on international security policy that has been held in Munich, Bavaria, Germany since 1963. Formerly named the Munich Conference on Security Policy, the motto is: Peace through Dialogue. It is the world's largest gathering of its kind. Munich Security Conference has been targeted by Phosphorus with abusive purposes.
Verified
CaseThink20 (T20)
The Think 20 (T20) is an engagement group of the G20 that brings together think tanks from around the world to contribute policy recommendations and advice to the G20 summit. Think20 (T20) has been targeted by Phosphorus with abusive purposes.
Verified
SectorHuman Rights
Medium
SectorJournalists
Medium
SectorPro-Democracy
High
SectorPolitical
High
RegionMiddle East Countries
High
RegionSaudi Arabia
Medium
RegionUnited States
Medium
RegionEuropean Countries
High

Extracted IOCs

  • de-ma[.]online
  • g20saudi.000webhostapp[.]com
  • ksat20.000webhostapp[.]com
  • munichconference1962@gmail[.]com
  • munichconference@outlook[.]com
  • munichconference@outlook[.]de
  • t20saudiarabia@gmail[.]com
  • t20saudiarabia@hotmail[.]com
  • t20saudiarabia@outlook[.]sa
download

Tip: 9 related IOCs (0 IP, 3 domain, 0 URL, 6 email, 0 file hash) to this threat have been found.