Proofpoint: Cyber ​​espionage, TA453 launches a series of attacks against several Western personalities, all specialized in the analysis of public policies in the Middle East

Proofpoint cybersecurity researchers have published new intelligence on the activities of the TA453 group, a threat actor linked to the Iranian state, and also known as “Charming Kitten”, “PHOSPHORUS” or “APT42”. .

The group has been observed targeting individuals specializing in the analysis of public and political affairs in the Middle East, nuclear security and genome research.

Extremely well-targeted attacks were perpetrated using malicious emails using multiple fake characters. The authors, posing as foreign policy researchers from real institutes in the West, were able to take advantage of new tactics

social engineering to obtain confidential information for Iran’s Islamic Revolutionary Guard Corps.

TA453 has been observed creating and using multiple personas in each spear-phishing attack, taking advantage of the psychological principle of social proof (when one does not know how to do or how to act in a situation, one will tend to reproduce the behavior of people around us) to attack its targets and increase the authenticity of its exchanges.

Characters parodied by TA453 include real individuals from the PEW Research Center, the Foreign Policy Research Institute (FRPI), Chatham House in the UK, and the scientific journal Nature, to target individuals with information about Israel and the states of the Gulf, the Abraham Accords and nuclear arms control in relation to a potential confrontation between the United States and Russia.

Proofpoint believes that TA453 operates in support of the Islamic Revolutionary Guard Corps (IRGC) cyber espionage campaigns aimed at stealing sensitive data and intelligence.

Sherrod DeGrippo, Vice President of Research and Threat Detection at Proofpoint, commented, “State-aligned threat actors are among the best at crafting well-thought-out social engineering campaigns and reaching their victims. designated. In this case, our researchers saw the Iran-aligned actor TA453 step up their game using multi-person impersonation, capitalizing on social proof, to get their target to fall for it. . For Sherrod, “this is really an unusual technique because it requires a lot more resources specific to each target – which believable ‘character’ to choose without burning yourself out – and it also requires a coordinated approach between the different personalities. used by TA453. DeGrippo therefore recommends that “researchers involved in international security, particularly those specializing in Middle Eastern studies or nuclear security, should maintain a heightened sense of awareness when receiving unsolicited emails. For example, experts who are approached by journalists should check the publication’s website to see if the email address belongs to a legitimate journalist. »

Proofpoint: Cyber ​​espionage, TA453 launches a series of attacks against several Western personalities, all specialized in the analysis of public policies in the Middle East