Researchers Learn from ITG18 Group's OpSec Mistakes

 

A team of IBM X-Force security experts analyzed attackers' operational security mistakes to disclose the core details of how the group functions and launches attacks in their analysis of a group known as ITG18, also identified as Charming Kitten and Phosphorous. ITG18 has a history of targeting high-profile victims, journalists, nuclear experts, and persons working on the COVID-19 vaccine research. It is linked to Iranian government operations. It was related to an assault in late 2019. Richard Emerson, senior threat hunt analyst with IBM X-Force stated, "How we define this group is they're primarily focused on phishing and targeting personal accounts, although there's evidence that they may also go after corporate accounts as well." Based on the amount of infrastructure it has registered, researchers believe it to be a "rather sizable organization" - Emerson adds that they have over 2,000 indicators connected to this group alone during the last couple of years. According to Allison Wikoff, a senior strategic cyber-threat analyst at IBM X-Force, the team achieved "a major breakthrough" in studying ITG18 behavior while examining an attack on executives at a COVID-19 research center. Researchers collected indicators that are linked with attackers' activities on a regular basis; when investigating ITG18's activity, the team discovered flaws in the attackers' infrastructure, resulting in a plethora of fresh information. "When we saw this open server, we collected videos and exfiltrated information. Over the course of the last 18 months, we've continually seen the same errors from this group," she added. Researchers discovered training videos used by the group among the data they gathered. These details include how the organization maintains access to hacked email accounts, how attackers exfiltrate data, and how the ..

Support the originator by clicking the read the rest link below.