Hacking group based in Iran continues to target US citizens, Google reports
A recent blog post from Google's Threat Analysis Group details the methods an Iranian hacking group tracked as APT35 uses to target high-value individuals. APT35, also tracked under the names Ajax Security Team, Charming Kitten, and Phosphorus, has targeted politicians, NGOs, government institutions, journalists, and academics since 2017. The group also attempted to compromise the 2020 re-election campaign staff of former US President Donald Trump.
Of the many methods APT35 uses, phishing with malicious links is the most common. In early 2021, for instance, the group compromised a website associated with a UK university, hosted a credential-harvesting phishing kit on it, and emailed targets a link to the page, asking them to log in in order to attend a fake webinar. Because the link pointed at a legitimate, compromised domain rather than a lookalike, domain reputation alone would not necessarily have flagged it; the tell was the unexpected login prompt, not the hostname.
APT35 also uploaded spyware disguised as a VPN client to the Google Play Store. Once installed on a phone, the app could collect SMS messages, call records, location data, and contacts. Google detected the app and removed it from the Play Store.
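The data the article says the fake VPN app collected (SMS, call records, location, contacts) each requires a distinct Android runtime permission, so a quick triage step is to compare an APK's declared permissions against what a VPN client plausibly needs. The script below is an added example, not code from Google or from the article; the "expected VPN permissions" list, the constructed manifests, and the package names are assumptions made for illustration.

```python
"""Flag Android apps whose declared permissions exceed what a VPN client needs.

Added illustrative example. The permission sets below are assumptions, not a
complete policy, and the manifests are constructed for the demo.
"""
import xml.etree.ElementTree as ET

# AndroidManifest.xml attributes live in the 'android' XML namespace.
ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = f"{{{ANDROID_NS}}}name"

# Permissions a VPN client can plausibly justify (assumption; not exhaustive).
VPN_EXPECTED = {
    "android.permission.INTERNET",
    "android.permission.ACCESS_NETWORK_STATE",
    "android.permission.FOREGROUND_SERVICE",
    "android.permission.RECEIVE_BOOT_COMPLETED",
}

# Permissions that grant exactly the data collection described in the article.
SPYWARE_INDICATORS = {
    "android.permission.READ_SMS": "SMS messages",
    "android.permission.RECEIVE_SMS": "SMS messages",
    "android.permission.READ_CALL_LOG": "call records",
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.ACCESS_COARSE_LOCATION": "location",
    "android.permission.READ_CONTACTS": "contacts",
}


def declared_permissions(manifest_xml: str) -> set[str]:
    """Return the set of <uses-permission android:name="..."> values."""
    root = ET.fromstring(manifest_xml)
    return {
        el.get(NAME_ATTR)
        for el in root.iter("uses-permission")
        if el.get(NAME_ATTR)
    }


def assess_vpn_app(manifest_xml: str) -> dict:
    """Compare declared permissions with the VPN baseline and report excess."""
    perms = declared_permissions(manifest_xml)
    flagged = {p: SPYWARE_INDICATORS[p] for p in perms if p in SPYWARE_INDICATORS}
    unexpected = sorted(perms - VPN_EXPECTED - set(SPYWARE_INDICATORS))
    return {
        "suspicious": bool(flagged),
        "data_exposed": sorted(set(flagged.values())),
        "indicator_permissions": sorted(flagged),
        "other_unexpected": unexpected,
    }


# Constructed manifest of a hypothetical "VPN" app that over-requests permissions.
FAKE_VPN_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.fakevpn">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
</manifest>
"""

# Constructed manifest of a hypothetical VPN app that stays within the baseline.
BENIGN_VPN_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.realvpn">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
  <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
</manifest>
"""

if __name__ == "__main__":
    for label, manifest in (("fake", FAKE_VPN_MANIFEST), ("benign", BENIGN_VPN_MANIFEST)):
        print(label, assess_vpn_app(manifest))
```

In practice the manifest would come from decoding the APK (for example with apktool or aapt), and a permission mismatch is only a triage signal: a legitimate app can request more than the baseline, and spyware can obtain data through other channels. The point is that the capabilities the article lists are visible in the manifest before anyone installs the app.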
Beyond APT35, Google's Threat Analysis Group tracks 270 targeted and government-backed hacking groups from 50 countries. That tracking lets Google warn likely targets before they are attacked: in 2021 alone, the Threat Analysis Group sent about 50,000 warnings to users who had been targeted by phishing attempts.