An Iranian hacking group ran a fake professional recruiting business to lure national security officials across Iran, Syria and Lebanon into a cyber espionage trap, according to new research by U.S. cybersecurity firm Mandiant, a division of Alphabet’s (GOOGL.O), opens new tab Google Cloud.
Researchers said the hackers are loosely connected to a group known as APT42 or Charming Kitten, which was recently accused of hacking the U.S. presidential campaign of Republican candidate Donald Trump. APT42 is widely attributed to an intelligence division of the Iranian Revolutionary Guard, an expansive military organization based in Tehran. The FBI has said it is investigating APT42’s ongoing efforts to interfere in the 2024 U.S. election.
The mission uncovered by Mandiant dates back to at least 2017 and was active until recently. At different times, the Iranians made their operation appear as if it was controlled by Israelis. Analysts say the likely purpose of the impersonation was to identify individuals in the Middle East who were willing to sell secrets to Israel and other Western governments. It targeted military and intelligence staff associated with Iran’s allies in the region.
Read the rest of the story at Reuters.