29 October 2020

Iranian hackers targeted “high profile” security conference attendees



Microsoft said it detected a series of cyber-attacks aimed at more than 100 high-profile potential attendees of the upcoming Munich Security Conference and the Think 20 (T20) Summit in Saudi Arabia. The culprit behind the attacks was identified as Phosphorus (aka APT35 or Newscaster Team), an Iran-linked threat actor that typically targets U.S. and Middle Eastern military, diplomatic and government personnel, as well as organizations in the media, energy, engineering, business services and telecommunications sectors.

APT35, which has been active since at least 2013, primarily targets individuals and entities of strategic interest to the Iranian government using phishing attacks and email compromise operations.

The attacks involved spoofed emails with invitations ostensibly sent from organizers of the Munich Security Conference, one of the main global security and policy conferences attended by heads of state, and the Think 20 Summit in Saudi Arabia, scheduled for later this month. According to Microsoft, emails were written in “nearly perfect English” and were sent to former government officials, policy experts, academics and leaders from non-governmental organizations.

“Phosphorus helped assuage fears of travel during the Covid-19 pandemic by offering remote sessions,” Microsoft said.

In several instances the Phosphorus group has managed to compromise its targets, including former ambassadors and other senior policy experts who help shape global agendas and foreign policies in their respective countries. Microsoft did not go into detail about the purpose behind these attacks, saying only that “Phosphorus is engaging in these attacks for intelligence collection purposes.”

“We’ve already worked with conference organizers who have warned and will continue to warn their attendees, and we’re disclosing what we’ve seen so that everyone can remain vigilant to this approach being used in connection with other conferences or events,” Microsoft added.

Earlier this year, APT35 accidentally exposed 40 GB of data, including video footage of themselves conducting hacking operations, due to a misconfiguration of security settings on a virtual private cloud server. The video showed how the hackers accessed compromised Gmail and Yahoo Mail accounts to download their contents, and how they exfiltrated other Google-hosted data from victims.
