Iranian APT Group Hacked Security Conference Attendees

In a recent report, Microsoft said it had detected that threat actors from the Iranian APT group Phosphorus have hacked over 100 high-profile potential attendees of two international security and management conferences.

Microsoft has already begun working to stop the group, which is masquerading as organizers and targeting more than 100 high-profile individuals who belong to the conference organizers.

According to Microsoft's report, the Iranian hackers have successfully compromised attendees of two global conferences. Attendees of these conferences include ambassadors and senior policy specialists.

The threat actors' main motive was to steal the attendees' email credentials. That is why they targeted the Munich Security Conference, one of the most important gatherings on security for heads of state and other world leaders.

The conference has been held annually for nearly 60 years. T20 is also a highly visible event that develops policy ideas for the G20 nations and informs their significant studies.

Attacks not linked to the U.S. elections

The hackers are stealing the organizers' email credentials; that is why the threat actors sent spoofed email offers between February and October 2020 to former government executives, policy experts, academics, and officers from non-governmental foundations.

Microsoft stated that the hackers used accurate English in the spoofed emails and masqueraded as organizers of the Munich Security or the Think 20 (T20) conferences. Brute, one of the security experts, said that based on the current analysis, they do not believe that this activity is tied to the U.S. elections in any way.

Microsoft also affirmed that Phosphorus threat actors were spotted during May and June 2020 trying to log into the accounts of both Trump campaign partners and U.S. administration leaders, without much success.

Fake emails

The emails sent by the threat actors came from fake conference organizers using the following email addresses:

  • t20saudiarabia[@]outlook.sa
  • t20saudiarabia[@]gmail.com
  • munichconference[@]outlook.com

The threat actors use the stolen credentials to log into the victims' mailboxes, collect additional sensitive data, and launch more such attacks. The Iran-linked Phosphorus hacking group has conducted several waves of phishing attacks this year, targeting both Trump and Biden campaign staffers.

Attendees who might have been targeted in these campaigns are advised to review any email-forwarding rules on their accounts, so that they can find any rules that might have been set during a successful hack of their email accounts.
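One way to carry out the forwarding-rule review recommended above, as an added example that is not part of the original article or Microsoft's report. The JSON layout is a hypothetical export whose field names are borrowed from Exchange Online's Get-InboxRule output, and every rule and address in the sample is constructed.

```python
import json
import re

# Constructed sample export (hypothetical layout): one mailbox, three rules.
SAMPLE_EXPORT = json.dumps({
    "owner": "delegate@example.org",
    "rules": [
        {"Name": "Newsletters", "Enabled": True, "MoveToFolder": "Reading",
         "ForwardTo": None, "RedirectTo": None, "DeleteMessage": False},
        {"Name": "Sync", "Enabled": True,
         "ForwardTo": ["Archive [SMTP:collector@mail.example.net]"],
         "RedirectTo": None, "DeleteMessage": True},
        {"Name": "Assistant copy", "Enabled": True,
         "ForwardAsAttachmentTo": ["assistant@example.org"],
         "DeleteMessage": False},
    ],
})

FORWARD_FIELDS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo")
ADDRESS_RE = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9.-]+\.[A-Za-z]{2,})")

def audit_forwarding_rules(export_json, trusted_domains=()):
    """Return one finding per rule that forwards or redirects mail outside
    the owner's domain (or any extra trusted domain)."""
    data = json.loads(export_json)
    owner_domain = data["owner"].rsplit("@", 1)[1].lower()
    allowed = {owner_domain, *(d.lower() for d in trusted_domains)}
    findings = []
    for rule in data["rules"]:
        external = []
        for field in FORWARD_FIELDS:
            for target in rule.get(field) or []:
                for match in ADDRESS_RE.finditer(target):
                    if match.group(1).lower() not in allowed:
                        external.append(match.group(0).lower())
        if external:
            findings.append({
                "rule": rule.get("Name", ""),
                "enabled": bool(rule.get("Enabled")),
                "external_targets": sorted(set(external)),
                # Forward-and-delete hides the copy from the mailbox owner.
                "hides_mail": bool(rule.get("DeleteMessage")),
            })
    return findings

if __name__ == "__main__":
    for finding in audit_forwarding_rules(SAMPLE_EXPORT):
        print(finding)
```

Any rule the account owner does not recognize should be disabled and the account password changed before the rule is deleted, so the rule itself remains available as evidence.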

Balaji N

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
