Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Hackers Pose as Journalists for Attacks

May 1, 2024
Reading Time: 3 mins read
in Alerts
Hackers Pose as Journalists for Attacks

Iranian state-backed threat actor APT42 has been employing sophisticated social engineering attacks to breach corporate networks and cloud environments. Disguising themselves as journalists, NGO representatives, or event organizers, APT42 uses spear-phishing techniques to trick their targets into clicking malicious links. These links direct victims to fake login pages that mimic legitimate services like Google and Microsoft, harvesting their account credentials and multi-factor authentication tokens.

Once APT42 gains access, they deploy custom backdoors named Nicecurl and Tamecat. Nicecurl, a VBScript-based backdoor, enables command execution, payload downloading, and data mining, while Tamecat, a PowerShell backdoor, offers extensive system manipulation capabilities. These tools allow APT42 to execute commands, exfiltrate data, and maintain a persistent presence in the victim’s environment. The attackers carefully use built-in cloud tool features and clear browsing histories to evade detection, making their actions blend seamlessly with normal operations.

APT42 has been active since at least 2015, targeting a range of organizations, including NGOs, media outlets, educational institutes, activists, and legal services, primarily in Western and Middle Eastern regions. Their tactics include using typosquatted domains to pose as reputable media organizations such as the Washington Post and The Economist. Once trust is established with the victim, they send links to decoy documents, leading to credential harvesting and malware deployment.

Security researchers from Google and other firms have been tracking APT42’s activities, highlighting the need for robust cybersecurity measures. Organizations are advised to stay vigilant, educate their employees about social engineering tactics, and ensure their systems are up-to-date with the latest security patches. Detailed indicators of compromise (IoCs) and YARA rules for detecting Nicecurl and Tamecat are available in Google’s comprehensive report on APT42’s recent campaigns.

Reference:
  • Iranian Hackers Use Social Engineering to Breach via Fake Journalist Personas

Tags: APT42Cyber AlertCyber Alerts 2024Cyber RiskCyber threatIranMay 2024
ADVERTISEMENT

Related Posts

Fake DocuSign Alerts Target Corporate Logins

Fake DocuSign Alerts Target Corporate Logins

May 28, 2025
Fake DocuSign Alerts Target Corporate Logins

Fake Bitdefender Site Spreads Venom Malware

May 28, 2025
Fake DocuSign Alerts Target Corporate Logins

Microsoft Void Blizzard Cyber Threat Alert

May 28, 2025
GhostSpy Android Malware Full Device Control

FBI Warns Luna Moth Targets US Law Firms

May 27, 2025
GhostSpy Android Malware Full Device Control

Winos 4.0 Malware Spread Via Fake Installers

May 27, 2025
GhostSpy Android Malware Full Device Control

GhostSpy Android Malware Full Device Control

May 27, 2025

Latest Alerts

Microsoft Void Blizzard Cyber Threat Alert

Fake DocuSign Alerts Target Corporate Logins

Fake Bitdefender Site Spreads Venom Malware

FBI Warns Luna Moth Targets US Law Firms

Winos 4.0 Malware Spread Via Fake Installers

GhostSpy Android Malware Full Device Control

Subscribe to our newsletter

    Latest Incidents

    Migos IG Hack Blackmails Solana Cofounder

    Tiffany & Co. Faces Data Breach Incident

    MathWorks Crippled by Ransomware Attack

    Everest Ransomware Leaks Coke Staff Data

    Adidas Data Breach Exposes Customer Contacts

    Semiconductor Firm AXT Hit by Data Breach

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial