Hackers with close ties to the intelligence arm of Iran’s military, the Islamic Revolutionary Guard, are now personally targeting journalists, professors, and researchers. According to Microsoft, which detected the new activity, Iran is anxious to gather information on the entire range of Western views regarding the ongoing conflict in the Middle East.
“Based on the identities of the targets observed in this campaign and the use of lures related to the Israel-Hamas war, this campaign may be an attempt to gather perspectives on events related to the war from individuals across the ideological spectrum,” says Microsoft.
The Iran-backed hackers, known as Mint Sandstorm, a composite name used to describe several subgroups of activity with ties to the Islamic Revolutionary Guard, use a range of new techniques. For example, the hackers use legitimate but compromised email accounts to conduct highly planned phishing attacks against key journalists.
“Operators associated with this subgroup of Mint Sandstorm are patient and highly skilled social engineers whose tradecraft lacks many of the hallmarks that allow users to quickly identify phishing emails. In some instances of this campaign, this subgroup also used legitimate but compromised accounts to send phishing lures,” says Microsoft.
Since November 2023, Microsoft has seen PHOSPHORUS, a distinct subset of Mint Sandstorm, targeting high-profile individuals working on Middle Eastern affairs at universities and research organizations in Belgium, France, Gaza, Israel, the United Kingdom, and the United States. Mint Sandstorm uses bespoke, socially engineered phishing lures to tempt targeted individuals into downloading malicious files.
Iran hackers pose as news journalists
Microsoft also reports Iran-backed hackers at Mint Sandstorm have recently been posing as high-profile individuals, including journalists. The hackers used an email address spoofed to resemble a personal email account belonging to a journalist at a well-known news outlet whom they were impersonating. Then they sent benign emails to targeted individuals, falsely requesting input for an article about the Israel-Hamas war.
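The report above describes two sender tricks: a spoofed address built to resemble a journalist's personal account, and a benign opening email that carries no payload for a filter to catch. The following is an added defensive example, not code from the article or from Microsoft. It shows how an inbound-mail check can flag a sender whose display name or address local part matches a trusted correspondent while the actual address, the Reply-To domain, or the DMARC verdict does not line up. The address book, domains, and sample messages are constructed for illustration and are not from the report.

```python
import re
import email
from email import policy
from email.utils import parseaddr

# Hypothetical address book of trusted correspondents (constructed, not from the report).
KNOWN_CONTACTS = {
    "jane.reporter@example-news.example": "Jane Reporter",
}

# Pulls spf=/dkim=/dmarc= verdicts out of an Authentication-Results header (RFC 8601).
AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.IGNORECASE)


def parse_auth_results(msg):
    """Collect the last spf/dkim/dmarc verdict recorded by the receiving MTA."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        for method, result in AUTH_RE.findall(str(header)):
            verdicts[method.lower()] = result.lower()
    return verdicts


def normalize_name(name):
    """Case-fold and collapse whitespace so 'Jane  REPORTER' matches 'Jane Reporter'."""
    return " ".join(name.casefold().split())


def assess_sender(raw_message):
    """Return a list of human-readable findings; an empty list means nothing looked off."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    display_name, address = parseaddr(str(msg.get("From", "")))
    address = address.lower()
    local, _, domain = address.partition("@")
    findings = []

    for known_addr, known_name in KNOWN_CONTACTS.items():
        if address == known_addr:
            continue  # genuinely the trusted address; nothing to compare
        known_local, _, known_domain = known_addr.partition("@")
        # 1. Display name borrows a trusted contact's name, but the address is someone else's.
        if normalize_name(display_name) == normalize_name(known_name):
            findings.append(
                f"display name '{display_name}' matches known contact but address is {address}")
        # 2. Same local part as a trusted contact at a different domain (a "personal account" lookalike).
        elif local == known_local and domain != known_domain:
            findings.append(f"address {address} resembles known contact {known_addr}")

    # 3. Replies are steered to a domain other than the visible sender's.
    _, reply_to = parseaddr(str(msg.get("Reply-To", "")))
    if reply_to and reply_to.lower().partition("@")[2] != domain:
        findings.append(f"Reply-To domain {reply_to.partition('@')[2]} differs from From domain {domain}")

    # 4. The sending domain did not pass DMARC at our edge.
    verdicts = parse_auth_results(msg)
    if verdicts.get("dmarc") != "pass":
        findings.append(f"DMARC result is {verdicts.get('dmarc', 'missing')}")
    return findings


# Constructed sample messages (not real traffic). Domains use the reserved .example TLD.
SPOOFED = """\
From: Jane Reporter <jane.reporter@webmail.example>
To: target@university.example
Subject: Quick question for an article
Authentication-Results: mx.university.example; spf=pass smtp.mailfrom=webmail.example; dkim=pass header.d=webmail.example; dmarc=none header.from=webmail.example

Would you be willing to share your perspective for a piece I am writing?
"""

LOOKALIKE = """\
From: J. Reporter <jane.reporter@webmail.example>
To: target@university.example
Subject: Follow-up
Authentication-Results: mx.university.example; spf=pass smtp.mailfrom=webmail.example; dkim=pass header.d=webmail.example; dmarc=pass header.from=webmail.example

Did you get my earlier note?
"""

LEGIT = """\
From: Jane Reporter <jane.reporter@example-news.example>
To: target@university.example
Subject: Follow-up
Authentication-Results: mx.university.example; spf=pass smtp.mailfrom=example-news.example; dkim=pass header.d=example-news.example; dmarc=pass header.from=example-news.example

Thanks again for your time.
"""

if __name__ == "__main__":
    for label, sample in (("spoofed", SPOOFED), ("lookalike", LOOKALIKE), ("legit", LEGIT)):
        print(label, assess_sender(sample) or ["no findings"])
```

The check is deliberately content-blind: the opening email in this campaign was benign, so the signal has to come from header consistency (who the name claims to be versus where the mail actually comes from and whether that domain authenticated) rather than from attachments or links. A compromised legitimate account defeats checks 1, 2 and 4, which is why the report's second technique is harder to catch at the gateway and pushes detection toward mailbox-side anomalies and user reporting.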
The aim of the Iran-backed hacking campaign is believed to be to spread misinformation and anti-Western propaganda regarding Iran’s ongoing involvement in the war now being conducted against Israel and its allies by the Iran-backed terrorist groups Hamas, Hezbollah, and the Houthis.