A hacking campaign from the Iranian government is under way, aimed at U.S. organizations and government workers.
The attacks have been linked to a cyber-espionage group codenamed APT34, or OilRig, a six-year-old hacker group acting in the interests of the Iranian government.
As a reminder – we helped break the news of the Iranian APT33 group last July.
Iranian hacking doesn’t stop – it just becomes more advanced and targeted.
The recent hacking attempts consist of a cleverly orchestrated spear-phishing campaign, according to a report published today by cyber-security firm Intezer Labs.
The spear-phishing emails mimic Westat surveys. Westat is a well-known US government contractor that has managed and administered surveys to more than 80 federal agencies, for at least 16 years, querying federal workers on working conditions, management, and job satisfaction.
Intezer says that APT34 has been sending out fake Westat-looking emails that distribute boobytrapped surveys as Excel spreadsheets.
These malicious spreadsheets have been upgraded – showing the Iranians have been hard at work as they target government organizations and others.
Protecting users from spear-phishing can be a challenge, and those targeted need to be vigilant. Generally speaking, the more an attacker knows about the target, the easier it is to get the user to click or give up their information. Often, this is accomplished by sending something targeted and familiar to the user.
Some years back, the OPM hack of 22 million records gave the hacking community access to intimate details of government workers: sexual history, family members and more. The Chinese performed the hack, but it is unknown how widely this information has spread underground. Perhaps the Russians, Iranians and others have access to this data. If so, they know more about government workers than many spouses do. Sadly, such information allows for easier targeting.
This is why workers in the government need to be vigilant.
People outside the government should be alert as well. It is difficult to fathom how much of their personal information is available in marketing databases and on the dark web. Both can be merged together to produce a profile of targeted users.
Country music fans could be sent targeted spear-phishing emails, appealing to their interests and so on.
Before they ever open a malicious email, users need to be trained with phishing simulation services like PHISH360, so that they are educated by instructional emails, not malicious ones. If a user opens or clicks on links in a phishing simulation email campaign, they are generally sent to a page that trains them. It is crucial to continuously train workers because a moment of weakness, forgetfulness or fatigue may allow hackers onto the network and information to leak out.
Cybersecurity is a complex space but phishing and spear-phishing are such common attack points that every organization needs to lock these areas down FIRST. That is where phishing simulation comes in.
Most services in the space start at free or are low cost. Not using such a service is corporate malpractice.
For IT service and tech support in Manhattan, New York, Connecticut and beyond, contact 5-star and award-winning Apex Technology Services and keep your organization protected.