"Korg" in Action: How TA453 Leveraged Multi-Persona Impersonation in Spear Phishing
- Actor Motivations: Espionage,Exfiltration
- Attack Vectors: Malicious Macro,Spear Phishing
- Attack Complexity: Medium
- Threat Risk: Low Impact/High Probability
The Iran-aligned threat actor TA453 has introduced a novel technique known as Multi-Persona Impersonation (MPI) to its spear-phishing campaigns. This method involves the simultaneous use of multiple false identities to enhance the credibility of their social engineering attacks. Alongside MPI, TA453 uses a malicious Word document exploiting Remote Template Injection, codenamed "Korg," to exfiltrate data.
Chatham House is a world-leading policy institute with a mission to help governments and societies build a sustainably secure, prosperous and just world. Chatham House has been targeted by TA453 with abusive purposes.
|Case||Foreign Policy Research Institute|
The Foreign Policy Research Institute is an American think tank based in Philadelphia, Pennsylvania, that conducts research on geopolitics, international relations, and international security in the various regions of the world and on ethnic conflict, U.S. national security, terrorism, and on think tanks themselves. Foreign Policy Research Institute has been targeted by TA453 with abusive purposes.
Nature Biotechnology is a monthly peer-reviewed scientific journal published by Nature Portfolio. The editor-in-chief is Barbara Cheifet who heads an in-house team of editors. The focus of the journal is biotechnology including research results and the commercial business sector of this field. Nature Biotechnology has been targeted by TA453 with abusive purposes.
|Case||PEW Research Center|
The Pew Research Center is a nonpartisan American think tank based in Washington, D.C. It provides information on social issues, public opinion, and demographic trends shaping the United States and the world. PEW Research Center has been targeted by TA453 with abusive purposes.
|Region||Middle East Countries||Medium|
Tip: 3 related IOCs (0 IP, 1 domain, 0 URL, 0 email, 2 file hash) to this threat have been found.