When iran Hacking group APT35 Want to know if one of its digital decoys has been bitten, all it has to do is check Telegram. Whenever someone visits one of the fake websites they set up, a notification will appear in the public channel of the messaging service, detailing the IP address, location, device, browser, etc. of the potential victim.This is not a Push notification; it is Phishing notify.
Google’s Threat Analysis Team Overview As part of a broader study of APT35 (also known as Charming Kitten), the new technology is a state-funded organization that has been trying to get high-value targets to click on the wrong link and spit out their credentials for the past few years.Although APT35 is not the most successful or complex threat on the international stage-after all, this is the same set of accidents Hacking videos leaked for hours—— Their use of Telegram is an innovative wrinkle that can bring dividends.
The organization first used various methods to try to get people to visit their phishing pages. Google outlined some of the scenarios it has recently observed: British university websites were hacked, a fake VPN application briefly sneaked into the Google Play store, and phishing emails that hackers pretended to be the organizers of real conferences and tried to trap. They mark it with malicious PDFs, Dropbox links, websites, etc.
In the case of the university website, hackers directed potential victims to the infected page, which encouraged them to log in to the service provider of their choice—everything from Gmail to Facebook to AOL—to watch the webinar. If you enter your credentials, they will go directly to APT35, and it will also ask you to provide a two-factor authentication code. This is an ancient technology with a beard; APT35 has been running it since 2017 to target people in government, academia, national security and other fields.
The fake VPN is not particularly innovative, and Google stated that it launched the app from its store before anyone tried to download it. However, if someone is caught in this trick-or installs it on another platform that is still available-spyware can steal call logs, texts, location data, and contacts.
Frankly speaking, APT35 is not a fully accomplished person. Although they have convincingly impersonated officials of the Munich Security Conference and Think-20 Italy in recent years, this is also directly from Phishing 101. Said Ajax Bash, a security engineer at Google TAG. “Their success rate is actually very low.”