Google’s Threat Analysis Group (TAG) has raised concerns about an increase in phishing attacks by APT42, a group linked to the Iranian government. This group is reportedly focusing on users in Israel and individuals connected to the US presidential election, using credential phishing tactics to steal sensitive information.
Targeted Individuals and Entities
APT42, associated with Iran’s Islamic Revolutionary Guard Corps (IRGC), has been targeting high-profile individuals in Israel and the US. These targets include current and former government officials, political campaigns, diplomats, and people working in think tanks, NGOs, and academic institutions involved in foreign policy discussions. According to Google, around 60% of APT42’s known attacks in the past six months have been aimed at the US and Israel.
Phishing Tactics
The group employs various methods to execute their phishing attacks. These include sending emails that mimic legitimate organizations, such as government agencies, banks, and social media companies. They also create fake websites that resemble official sites and use social engineering techniques to trick users into clicking on malicious links or opening harmful attachments.
Google has noted that APT42 often abuses services like Google (Sites, Drive, Gmail), Dropbox, and OneDrive to carry out these attacks.
Impact on US Presidential Election
During the current US presidential election cycle, TAG detected and disrupted phishing activities by APT42. In May and June, the group targeted the personal email accounts of several individuals connected to both President Biden and former President Trump.
Google continues to observe unsuccessful attempts by APT42 to compromise the accounts of people affiliated with President Biden, Vice President Harris, and former President Trump, including government officials and campaign staff.
Advice for Users
TAG is urging users to stay vigilant and recognize the signs of phishing attacks to protect their personal information.
