The NCSC and FBI just issued a major alert over a state-backed hacker group – here’s what you need to know


The National Cyber Security Centre (NCSC) has warned that Iran-linked hackers are using social engineering to target government officials, lobbyists, and others.

In a joint advisory with the FBI, the NCSC said hackers working for Iran's Revolutionary Guard Corps (IRGC) are carrying out spear phishing attacks against people with links to Iranian and Middle Eastern affairs.

The attackers have been impersonating victims' contacts via email and messaging platforms, then asking targets to enter their user credentials on a false email account login page. This allows the attacker to gain access to victims’ accounts, exfiltrate and delete messages, and set up email forwarding rules.

They tailor their approach on an individual basis, according to the NCSC, impersonating business associates or family members, journalists purportedly looking for interviews, conference organizers, embassy staff, and others.

"The spear-phishing attacks undertaken by actors working on behalf of the Iranian government pose a persistent threat to individuals with a connection to Iranian and Middle Eastern affairs," said NCSC director of operations Paul Chichester.

"With our allies, we will continue to call out this malicious activity, which puts individuals’ personal and business accounts at risk, so they can take action to reduce their chances of falling victim."

FBI, NCSC offer advice for potential targets

The FBI said signs to look out for include suspicious logins from foreign or domestic IP addresses; the creation of message handling rules to forward emails and prevent victims from receiving notifications of the compromise; the connection of unknown devices, applications, or accounts to a victim account; exfiltration and deletion of messages; and attempts to access other victim accounts.
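Of these signs, the message handling rules are the easiest to audit mechanically. The sketch below is an added example, not code from the advisory or from ITPro: it reviews a mailbox's rules for forwarding to outside domains and for rules that hide security notifications. The rule-record layout, field names, keyword list and sample addresses are all assumptions constructed for illustration, not a real mail provider's API.

```python
# Added example: the rule-record layout below is hypothetical, not a real mail API.
SECURITY_TERMS = ("security alert", "new sign-in", "password", "verification code")
HIDING_ACTIONS = {"delete", "mark_read", "move_to_folder"}

def domain_of(address):
    """Lower-cased domain part of an email address."""
    return address.rsplit("@", 1)[-1].strip().lower()

def review_rule(rule, owner_domains):
    """Return the reasons a single rule deserves a manual look (empty if none)."""
    reasons = []
    for target in rule.get("forward_to", []):
        if domain_of(target) not in owner_domains:
            reasons.append(f"forwards mail outside the organisation: {target}")
    hides = HIDING_ACTIONS & set(rule.get("actions", []))
    subjects = [s.lower() for s in rule.get("subject_contains", [])]
    matched = sorted(t for t in SECURITY_TERMS if any(t in s for s in subjects))
    if hides and matched:
        reasons.append("suppresses security notifications: " + ", ".join(matched))
    # A hiding rule with no conditions applies to every incoming message.
    if hides and not subjects and not rule.get("from_contains"):
        reasons.append("hides all incoming mail (no conditions)")
    return reasons

def review_mailbox(rules, owner_domains):
    """Map rule name -> reasons, for every rule that raised at least one."""
    owner_domains = {d.lower() for d in owner_domains}
    findings = {}
    for rule in rules:
        reasons = review_rule(rule, owner_domains)
        if reasons:
            findings[rule["name"]] = reasons
    return findings

# Constructed sample rules (not taken from any real account).
SAMPLE_RULES = [
    {"name": "Newsletters", "actions": ["move_to_folder"],
     "subject_contains": ["weekly digest"]},
    {"name": ".", "actions": [], "forward_to": ["archive@mail-backup.example"]},
    {"name": "cleanup", "actions": ["delete", "mark_read"],
     "subject_contains": ["Security alert", "New sign-in"]},
    {"name": "To assistant", "actions": [], "forward_to": ["pa@thinktank.example"]},
]

if __name__ == "__main__":
    for name, why in review_mailbox(SAMPLE_RULES, {"thinktank.example"}).items():
        print(f"{name!r}: " + "; ".join(why))
```

A flagged rule is a prompt for manual review rather than proof of compromise, since people also set up legitimate forwarding to personal accounts.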

Meanwhile, the NCSC is advising potential victims to follow its guidance for high-risk individuals, adding that anyone facing a higher risk of targeting due to their work or public status can sign up for two opt-in cyber defense services managed by the center.

These are an Account Registration service that alerts individuals if the NCSC becomes aware of a cyber incident impacting a personal account, and a Personal Internet Protection service that helps prevent spear-phishing by blocking access to known malicious domains.

"I strongly encourage those at higher risk to stay vigilant to suspicious contact and to take advantage of the NCSC’s free cyber defense tools to help protect themselves from compromise," Chichester said.

Back in 2019, the US Department of State designated the IRGC as a foreign terrorist organization that aimed to steal US policy information and weaken confidence in the country's electoral processes.

And alongside this alert, the FBI also said that it had indicted three IRGC cyber actors for a 'hack-and-leak' operation which stole material from the Trump presidential campaign and leaked it to the Democratic campaign in an attempt to influence the upcoming presidential election.

"The conduct laid out in the indictment is just the latest example of Iran’s brazen behavior," said FBI director Christopher Wray. "So today the FBI would like to send a message to the government of Iran – you and your hackers can’t hide behind your keyboards."


Emma Woollacott

Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.