Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Hackers Pose as Journalists for Attacks

May 1, 2024
Reading Time: 3 mins read
in Alerts
Hackers Pose as Journalists for Attacks

Iranian state-backed threat actor APT42 has been employing sophisticated social engineering attacks to breach corporate networks and cloud environments. Disguising themselves as journalists, NGO representatives, or event organizers, APT42 uses spear-phishing techniques to trick their targets into clicking malicious links. These links direct victims to fake login pages that mimic legitimate services like Google and Microsoft, harvesting their account credentials and multi-factor authentication tokens.

Once APT42 gains access, they deploy custom backdoors named Nicecurl and Tamecat. Nicecurl, a VBScript-based backdoor, enables command execution, payload downloading, and data mining, while Tamecat, a PowerShell backdoor, offers extensive system manipulation capabilities. These tools allow APT42 to execute commands, exfiltrate data, and maintain a persistent presence in the victim’s environment. The attackers carefully use built-in cloud tool features and clear browsing histories to evade detection, making their actions blend seamlessly with normal operations.

APT42 has been active since at least 2015, targeting a range of organizations, including NGOs, media outlets, educational institutes, activists, and legal services, primarily in Western and Middle Eastern regions. Their tactics include using typosquatted domains to pose as reputable media organizations such as the Washington Post and The Economist. Once trust is established with the victim, they send links to decoy documents, leading to credential harvesting and malware deployment.

Security researchers from Google and other firms have been tracking APT42’s activities, highlighting the need for robust cybersecurity measures. Organizations are advised to stay vigilant, educate their employees about social engineering tactics, and ensure their systems are up-to-date with the latest security patches. Detailed indicators of compromise (IoCs) and YARA rules for detecting Nicecurl and Tamecat are available in Google’s comprehensive report on APT42’s recent campaigns.

Reference:
  • Iranian Hackers Use Social Engineering to Breach via Fake Journalist Personas

Tags: APT42Cyber AlertCyber Alerts 2024Cyber RiskCyber threatIranMay 2024
ADVERTISEMENT

Related Posts

FreeDrain Phishing Steals Crypto Funds

FBI Warns Cybercriminals Exploit Routers

May 9, 2025
FreeDrain Phishing Steals Crypto Funds

X Scam Targets Crypto Users with Fake Ads

May 9, 2025
FreeDrain Phishing Steals Crypto Funds

FreeDrain Phishing Steals Crypto Funds

May 9, 2025
COLDRIVER Hackers Target Sensitive Data

COLDRIVER Hackers Target Sensitive Data

May 8, 2025
COLDRIVER Hackers Target Sensitive Data

Cisco Fixes Flaw in IOS Wireless Controller

May 8, 2025
COLDRIVER Hackers Target Sensitive Data

CoGUI Targets Consumer and Finance Brands

May 8, 2025

Latest Alerts

X Scam Targets Crypto Users with Fake Ads

FBI Warns Cybercriminals Exploit Routers

FreeDrain Phishing Steals Crypto Funds

CoGUI Targets Consumer and Finance Brands

COLDRIVER Hackers Target Sensitive Data

Cisco Fixes Flaw in IOS Wireless Controller

Subscribe to our newsletter

    Latest Incidents

    LockBit Ransomware Data Leaked After Hack

    Spanish Consumer Group Faces Cyberattack

    Education Giant Pearson Hit by Data Breach

    Masimo Cyberattack Disrupts Manufacturing

    Cyberattack Targets Tepotzotlán Facebook

    West Lothian Schools Hit by Ransomware

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial