⚠️ A new day and a new fake account from Iranian state-backed hackers!
In the continuation of the recent campaign of #APT42, this hacking group has started sending phishing links via a new fake account (@mona_louri - ID: 2249072423) to different targets.
Related IOCs:
The related report about the recent campaign of #APT42 by @secureworks:
https://t.co/S1UW0c0W2J
cc: @TwitterSafety
⚠️ Beware of fake accounts of Iranian state-backed hackers on Twitter. They usually send phishing links via DM and you must not click on these links under any circumstances.
user_id: 1581246833887698944
URGENT SECURITY ALERT:
Iranian Revolutionary Guards intelligence has initiated a phishing campaign targeting individuals abroad who are involved in Iran-related activities. The current attack specifically targets WhatsApp users. Do not click on suspicious links.
A detailed report about activities of #APT42 on @LinkedIn as we previously published a report about them at @certfalab. #infosec
https://t.co/5YEdehtkdv
✍️ An important update regarding the phishing kit of #APT24 that we had not seen, at least in our samples, before this campaign: When the targets type their password on the phishing page in the password input box, the hackers get a copy of it simultaneously, even if the victim does not click on the Next/Submit button.
An article by the Hacks News site about a fake account under the name Sara Shokouhi, which was used by agents of the Islamic Republic regime to send messages containing malware in order to identify and #hack the work accounts of the regime's opponents.
There are thousands upon thousands of similar active accounts.
Let's be careful...
https://t.co/PaIMG22edk
⚡️ The Twitter account below belongs to hackers of the Intelligence Organization of the Islamic Revolutionary Guard Corps of the Islamic Republic, and they recently tried to attack the participants of the #Iran human rights meeting held a few weeks ago in #Oslo and break into their emails.
#APT35 #CharmingKitten https://t.co/OCnGVmVejL
🧵 @RecordedFuture published a report about the cyber ops of #APT42 in November. @certfalab has seen that the same op is still active, and in one case, in which they failed, they tried to hack a @gmail account of a journalist based in Israel.
https://t.co/vf8RWQbJbb
In this operation, they impersonated a prominent scholar, contacted the journalist via @WhatsApp, and wrote a message in Hebrew. Then, they offered the target to check a document (a phishing page) before a video call to discuss a topic.
According to Bob Diachenko, the data of users of the "Bargh-e Man" website, including name, mobile number, email, electricity consumption, etc. (484 thousand records), has suffered a data breach and has been made publicly accessible.
The Bargh-e Man site is the official portal for querying and paying electricity bills for Iran's electricity distribution companies.