Fresh research demonstrates the sophistication and capability of state-sponsored threat actors to compromise diverse targets
New research has shown the flexibility of threat actors to rapidly iterate attack patterns in order to bypass security controls.
An investigation from security firm Proofpoint into a recent attack targeting a nuclear security expert at a US-based think tank revealed how well-resourced attackers change tactics on the fly to compromise different machines.
After realising their initial payload would not run on a Mac, the attackers quickly pivoted to techniques known to work against macOS targets.
The operation saw the threat actors open a seemingly benign e-mail exchange with the high-profile target and keep the conversation going for weeks to build trust and rapport, then exploit that rapport to deliver the malicious content.
How the attack unfolded
The mid-May 2023 attack was attributed to TA453, an Iranian state-affiliated threat actor also tracked as Charming Kitten, APT42, Mint Sandstorm and Yellow Garuda, which posed as members of the Royal United Services Institute (RUSI).
Using a multi-persona approach, the attackers – a group known for espionage operations – started an e-mail chain with the target, ostensibly seeking feedback on a project titled ‘Iran in the Global Security Context’.
The attackers sent multiple messages from different accounts, each referencing the others to create a sense of authenticity – a social-engineering technique previously observed in the group's campaigns, where a fabricated conversation thread lends legitimacy to the eventual malicious message.
After a single seemingly benign interaction, a…