A Telegram bot told Iranian hackers when they got a hit.

When the Iranian hacking group APT35 wants to know whether anyone has taken its digital bait, all it has to do is check Telegram. Whenever a target visits one of the phishing sites the group has set up, a notification appears in a public channel on the messaging service, describing the potential victim's IP address, location, device, browser and more. This is not a push notification. This is a phish notification.

Google's Threat Analysis Group described the novel technique as part of a broader look at APT35, also known as Charming Kitten, a state-sponsored group that has spent the past several years trying to get high-value targets to click on the wrong link and cough up their credentials. And while APT35 is not the most successful or sophisticated threat on the international stage (it is the same group that accidentally leaked videos of its own hacking), using Telegram as a tipster is an inventive way to get more out of its efforts.

The group uses a variety of methods to get people onto its phishing pages in the first place. Google outlines some of the scenarios it has seen recently: a compromised UK university website, a fake VPN app that briefly made it into the Google Play Store, and phishing emails in which the hackers pretend to be real conference organizers. Their lures include malicious PDFs, Dropbox links, websites and more.

In the case of the university website, the hackers send potential victims to a compromised page that encourages them to log in with the service provider of their choice (Gmail, Facebook, AOL and others are all on offer) in order to watch a webinar. If you enter your credentials, they go straight to APT35, which then also asks you for a two-factor authentication code. This is a well-worn technique: APT35 has been running it since 2017 to target people in government, academia, national security and more.
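The notification channel described above gives defenders something concrete to look for: a web server that has been compromised to host a phishing page has no legitimate reason to post messages to the Telegram Bot API. The following detection logic is an added example written for this page, not code from the article or from Google TAG. It runs over a few constructed egress-proxy log lines (the log format, host names and bot tokens are all made up for the example); the only real value it relies on is the Telegram Bot API URL shape, https://api.telegram.org/bot<token>/<method>, and the token is redacted in the output so findings can be shared without leaking a working secret.

```python
import re
from typing import Dict, Iterable, List

# Constructed egress-proxy log lines in a hypothetical format:
# <timestamp> <source host> <HTTP method> <destination URL> <status>
# These are sample data for the example, not records from the campaign.
SAMPLE_PROXY_LOG = """\
2021-10-14T09:12:01Z www-01 GET https://cdn.example.org/jquery.min.js 200
2021-10-14T09:12:03Z www-01 POST https://api.telegram.org/bot123456789:AAExampleTokenValue/sendMessage 200
2021-10-14T09:13:10Z analyst-laptop GET https://api.telegram.org/bot987654321:AAAnotherToken/getMe 200
2021-10-14T09:13:45Z www-02 POST https://api.telegram.org/bot123456789:AAExampleTokenValue/sendMessage 200
2021-10-14T09:14:00Z www-02 GET https://www.example.org/healthz 200
"""

# Real Telegram Bot API URL shape: https://api.telegram.org/bot<id>:<secret>/<method>
TELEGRAM_BOT_URL = re.compile(
    r"^https?://api\.telegram\.org/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)/(?P<method>\w+)"
)


def redact_token(bot_id: str, secret: str) -> str:
    """Keep the numeric bot id (useful for correlation) and hide the secret part."""
    return f"bot{bot_id}:{secret[:2]}***"


def flag_telegram_bot_calls(log_lines: Iterable[str], web_server_hosts: set) -> List[Dict[str, str]]:
    """Return one finding per log line in which a web-serving host calls the Bot API.

    Hosts outside web_server_hosts (e.g. an analyst's laptop) are ignored: the
    signal is the *source* of the call, not the destination alone.
    """
    findings = []
    for line in log_lines:
        parts = line.split()
        if len(parts) < 5:
            continue  # malformed line; skip rather than crash the pipeline
        timestamp, host, http_method, url, status = parts[:5]
        match = TELEGRAM_BOT_URL.match(url)
        if match is None or host not in web_server_hosts:
            continue
        findings.append({
            "timestamp": timestamp,
            "host": host,
            "http_method": http_method,
            "api_method": match.group("method"),
            "bot": redact_token(match.group("bot_id"), match.group("secret")),
            "status": status,
        })
    return findings


def hosts_per_bot(findings: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Group flagged hosts by (redacted) bot token.

    Several compromised sites reporting to the same bot is a strong hint that
    they belong to one phishing operation, which helps scope the incident.
    """
    grouped: Dict[str, List[str]] = {}
    for finding in findings:
        hosts = grouped.setdefault(finding["bot"], [])
        if finding["host"] not in hosts:
            hosts.append(finding["host"])
    return grouped


if __name__ == "__main__":
    hits = flag_telegram_bot_calls(SAMPLE_PROXY_LOG.splitlines(), {"www-01", "www-02"})
    for hit in hits:
        print(f'{hit["timestamp"]} {hit["host"]} -> {hit["bot"]}/{hit["api_method"]}')
    print(hosts_per_bot(hits))
```

In practice the `web_server_hosts` set comes from your asset inventory, and the same check can be applied to DNS logs (lookups of api.telegram.org from a web tier) where the proxy does not record full URLs. Allow-listing the messaging API for hosts that legitimately use it keeps the rule quiet.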

The phishing page was hosted on a compromised website.

Courtesy of Google TAG.

The fake VPN is not particularly novel either, and Google says it removed the app from its store before anyone could download it. If someone were tricked, however, or installed it from another platform where it remains available, the spyware could steal call logs, texts, location data and contacts.

To be clear, APT35 is no overachiever. Although it has impersonated officials from the Munich Security Conference and Think 20 Italy in recent years, it is still running phishing 101. Ajax Bash, a security engineer at Google TAG, says the actor has some degree of success. "Their success rate is actually very low."

