Latest U.S. Indictments Target Iranian Espionage Actors

UPDATE September 22: We have made some edits to this blog. An earlier version inaccurately described the links to the Elfin group as "strong".


The U.S. government has indicted three Iranian nationals on charges related to cyber attacks against aerospace and satellite technology companies. Said Pourkarim Arabi, Mohammad Reza Espargham, and Mohammad Bayati are alleged to have carried out a string of attacks between 2015 and 2019 which resulted in the theft of sensitive commercial information, intellectual property, and personal data from targeted organizations.


According to the indictment, Arabi is a member of Iran’s Islamic Revolutionary Guard Corps (IRGC) and carried out the attacks with Espargham and Bayati on behalf of the IRGC. Espargham is alleged to be the leader of an Iranian hacking group known as the Iranian Dark Coders Team, while Bayati is alleged to be a malware developer who shared tools with Arabi and Espargham.


The men are said to have obtained the names of individuals working in the aerospace and satellite industry, created fake accounts in their names, and used them to send spear-phishing emails to targeted organizations. If victims clicked on a malicious link within the email, malware would be installed on their computers. Once on the victim’s network, the attackers would escalate privileges, steal credentials, move laterally across the network, and deploy further malware on computers before exfiltrating data.


Possible Elfin link?


Although not referenced specifically in the indictment, the attacks appear to have some links to the Elfin (aka APT33) cyber espionage group. Aside from the fact that the targets and tactics described in the indictment closely resemble Elfin activity observed by Sym ..
