Threats Feed | TA453 | Last Updated: 25/07/2024 | Author: Certfa Radar | Publish Date: 13/09/2022

"Korg" in Action: How TA453 Leveraged Multi-Persona Impersonation in Spear Phishing

  • Actor Motivations: Espionage, Exfiltration
  • Attack Vectors: Malicious Macro, Spear Phishing
  • Attack Complexity: Medium
  • Threat Risk: Low Impact/High Probability

Threat Overview

The Iran-aligned threat actor TA453 has introduced a novel technique known as Multi-Persona Impersonation (MPI) to its spear-phishing campaigns. This method involves the simultaneous use of multiple false identities to enhance the credibility of its social engineering attacks. Alongside MPI, TA453 uses a malicious Word document exploiting Remote Template Injection, codenamed "Korg," to exfiltrate data.

Detected Targets

  • Case: Chatham House (Confidence: Verified)
    Chatham House is a world-leading policy institute with a mission to help governments and societies build a sustainably secure, prosperous and just world. Chatham House has been targeted by TA453 for abusive purposes.
  • Case: Foreign Policy Research Institute (Confidence: Verified)
    The Foreign Policy Research Institute is an American think tank based in Philadelphia, Pennsylvania, that conducts research on geopolitics, international relations, and international security in the various regions of the world and on ethnic conflict, U.S. national security, terrorism, and on think tanks themselves. Foreign Policy Research Institute has been targeted by TA453 for abusive purposes.
  • Case: Nature Biotechnology (Confidence: Verified)
    Nature Biotechnology is a monthly peer-reviewed scientific journal published by Nature Portfolio. The editor-in-chief is Barbara Cheifet, who heads an in-house team of editors. The focus of the journal is biotechnology, including research results and the commercial business sector of this field. Nature Biotechnology has been targeted by TA453 for abusive purposes.
  • Case: PEW Research Center (Confidence: Verified)
    The Pew Research Center is a nonpartisan American think tank based in Washington, D.C. It provides information on social issues, public opinion, and demographic trends shaping the United States and the world. PEW Research Center has been targeted by TA453 for abusive purposes.
  • Sector: Medical (Confidence: Verified)
  • Sector: Political (Confidence: High)
  • Sector: Scientific Research (Confidence: Verified)
  • Region: United Kingdom (Confidence: Medium)
  • Region: United States (Confidence: Medium)
  • Region: Middle East Countries (Confidence: Medium)

Extracted IOCs

  • 354pstw4a5f8.filecloudonline[.]com
  • 16a961475a88313478bc2406d6b442be9809e64ea9e2a4754debcce9200cf36b
  • f6456454be8cb77858d24147b1529890cd06d314aed70c07fc0b5725ac84542b

Tip: 3 IOCs related to this threat have been found (0 IPs, 1 domain, 0 URLs, 0 emails, 2 file hashes).