COBALT ILLUSION Impersonates Think Tank Staff to Target Middle Eastern Affairs
- Actor Motivations: Espionage, Exfiltration
- Attack Vectors: Spear Phishing
- Attack Complexity: Medium
- Threat Risk: Low Impact/High Probability
Threat Overview
The Secureworks report details a phishing campaign by the Iranian threat group COBALT ILLUSION, which used a fake Atlantic Council employee, "Sara Shokouhi", to target researchers working on human rights in Iran. The campaign used stolen imagery and a fake online presence to build rapport before attempting to steal credentials or deploy malware. This tactic mirrors previous COBALT ILLUSION operations, highlighting the consistent use of sophisticated social engineering and data harvesting techniques to gather intelligence on behalf of the Iranian government. The report provides indicators of compromise (IOCs) to help mitigate further attacks.
Detected Targets
Type | Description | Confidence |
---|---|---|
Sector | Human Rights | High |
Sector | Researchers | High |
Region | Iran | High |
Region | United States | High |
Region | European Countries | High |
Extracted IOCs
Tip: 16 IOCs related to this threat have been found (6 IP, 10 domain, 0 URL, 0 email, 0 file hash).