Iranians Targeted In Massive Phishing Campaign

  /     /     /  
Publicated : 22/11/2024   Category : security


Iranians Targeted In Massive Phishing Campaign


Google spotted targeted attacks out of Iran against tens of thousands of Iranians in the run-up to the countrys presidential election on Friday



Google says it has detected and derailed several email-based phishing attacks targeting tens of thousands of Iranian users during the past few weeks in what appears to be a politically motivated campaign.
Eric Grosse, vice president of security engineering at Google, said in a blog post that for three weeks Google has been spotting and disrupting the phishing emails, which contain a link to a Web page that
spoofs a Google account maintenance option
. If the user clicks the link, they see a fake Google sign-in page that will steal their username and password, Grosse said in the post.
Google says the attackers behind the campaign appear to be the same group behind the compromise of digital certificates
of former Dutch certificate authority DigiNotar
in 2011.
Our Chrome browser previously helped detect what appears to be the same group using SSL certificates to conduct attacks that targeted users within Iran. In this case, the phishing technique we detected is more routine: users receive an email containing a link to a web page that purports to provide a way to perform account maintenance, Grosse wrote.
The timing and targeting of the campaigns suggest that the attacks are politically motivated in connection with the Iranian presidential election on Friday, he said.
In the wake of the DigiNotar breach in 2011, more than 500 rogue DigiNotar digital certificates were created for such high-profile domains as cia.gov, microsoft.com, Microsofts windowsupdate.com, and mozilla.org, as well as one posing as VeriSign Root CA. In addition, more than 300,000 IP addresses, mostly in Iran, were compromised, and the hacker who breached a Comodo reseller earlier this year claimed responsibility for the DigiNotar hack.
Grosse recommends that Iranian users run Chrome and two-step authentication, and verify the URL in the address bar before typing their Google passwords: https://accounts.google.com/. If the websites address does not match this text, please don’t enter your Google password, he said.
Protecting our users accounts is one of our top priorities, so we notify targets of state-sponsored attacks and other suspicious activity, and we take other appropriate actions to limit the impact of these attacks on our users, Grosse wrote.
Have a comment on this story? Please click Add Your Comment below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News

▸ Beware EMV may not fully protect against skilled thieves. ◂
Discovered: 23/12/2024
Category: security

▸ Hack Your Hotel Room ◂
Discovered: 23/12/2024
Category: security

▸ Website hacks happened during World Cup final. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Iranians Targeted In Massive Phishing Campaign