FBI Yang offers a new batch of information to the U.S. They arbitrarily investigate journalists, dissidents, and political opponents around the world.
The FBI attributes the attacks to Iranian intelligence services such as the Minister of Intelligence and Security (MOIS) and various threat groups operated by Iran’s Islamic Revolutionary Guard Corps, including Handala and Homeland Justice.
Attackers use Telegram as a command-and-control (C2) channel to remotely control infected devices. Social engineering is the primary attack vector that entices victims to run Trojan files that install Windows malware.
Once compromised, attackers can:
-
capture screenshots
-
exfiltrate files
-
collect intelligence
The FBI is calling attention to this MOIS cyber activity” in light of the increased geopolitical tensions in the Middle East and ongoing war. These malware campaigns have already led to data leaks, intelligence gathering, and media scandals. This warning comes on the heels of law enforcement actions this week, including the seizure of four domains that threat actors used to conduct their attacks and publi
The group had previously attacked medical company Stryker, resetting over 80,000 devices after stealing a Windows domain administrator account and abusing Microsoft Intune. In the meantime, according to the FBI, actors linked to Russian intelligence have been breaking into thousands of Signal and WhatsApp accounts through concurrent phishing campaigns against users.
Increasingly, messaging platforms are used as infrastructure for cyberattacks.d as cyberattack infrastructure. Chat services like Telegram, Signal, and others are now common Command and Control (C2) channels, making them harder to notice and enabling more options for attackers. Basic cybersecurity hygiene, as well as exercising care with files and links, are essential in this environment.
