On February 29, the U.S. Department of Justice unsealed an indictment against Alireza Shafie Nasab and other conspirators who were members of a hacking organization that participated in a coordinated multi-year campaign to conduct computer intrusions. https://www.justice.gov/usao-sdny/pr/us-attorney-announces-charges-against-iranian-national-multi-year-cyber-campaign

During this time, Mahak Rayan Afraz (MRA), a Tehran-based front company, employed Nasab. Proofpoint attributes MRA to TA456, an Iranian-aligned threat actor conducting cyber espionage operations.

The group’s private sector victims were primarily cleared defense contractors. In addition to spear phishing, the U.S. DOJ alleges the conspirators utilized social engineering to obtain the confidence of victims.

These social engineering contacts were another means for the group to deploy malware onto victim computers and compromise those devices and accounts.

We have been tracking #TA456 for years. The actor often uses current event themes, trending topics and fake personas to entice users to click on malicious links. The recent U.S. DOJ indictment further validates Proofpoint’s attribution of this activity to TA456 and MRA.

For more info on past TA456 activity, including its attempt to infect the machine of an aerospace defense contractor with malware, visit https://www.proofpoint.com/us/blog/threat-insight/i-knew-you-were-trouble-ta456-targets-defense-contractor-alluring-social-media?utm_medium=social_organic.

For more info about the persona network disrupted by Facebook, you can visit https://about.fb.com/news/2021/07/taking-action-against-hackers-in-iran/.

U.S. Attorney Announces Charges Against Iranian National For Multi-Year Cyber Campaign Targeting U.S. Defense Contractors And Private Sector Companies

Damian Williams, the United States Attorney for the Southern District of New York; Matthew G. Olsen, the Assistant Attorney General for National Security; Bryan Vorndran, the Assistant Director of the Cyber Division of the Federal Bureau of Investigation (“FBI”); and James Smith, the Assistant Director in Charge of the New York Field Office of the FBI, announced today the unsealing of an Indictment charging Iranian citizen and resident ALIREZA SHAFIE NASAB for his involvement in a cyber-enabled campaign to compromise U.S. government and private entities, including the U.S. Departments of the Treasury and State, defense contractors, and two New York-based companies.

#introduction
I’m Josh/Yoshi.
I work as a Senior Threat Researcher hunting for state-aligned cyber threat actors (aka APTs).
I focus on threats suspected of originating in the Middle East & North Africa Region, primarily Iranian-aligned threats like #TA453 (#CharmingKitten), #TA450 (#Muddywater), and #TA456 (#Tortoiseshell).

Before this, I did #threatIntel work in healthcare. Before that, I worked for the #FBI.

I live in Chicago(land) with 3 kids, 2 dogs and my beautiful wife.

I’m a huge fan of #StarWars and the #LAChargers.

This seems like a pretty cool place, excited to see how it grows.