September is Suicide Prevention Awareness Month. I am committed to doing right by our people – and continuing to work to ensure that our service members have access to the mental health care they need. pic.twitter.com/NUkpisFAUc
— Secretary of Defense Lloyd J. Austin III (@SecDef) September 3, 2024
Day: September 3, 2024
Not all heroes wear capes! https://t.co/IGar7Rgs03
— SPIES&VESPERS (@SpiesVespers) September 3, 2024
#TechTuesday: NCSC’s Wall of Spies Artifact, the Lorenz SZ 40/42, known as TUNNY. This encryption machine was used by the German High Command during WWII, but its code was broken by the British, yielding insights into German strategy and helping the Allies in the D-Day invasion. pic.twitter.com/pPUtp8EO5w
— NCSC (@NCSCgov) September 3, 2024
Today is my 81st Birthday! 🎂I can’t believe it! Here I am in my Birthday suit many moons ago!
Help me celebrate by donating to help with my fight with Parkinson’s.🩵#superman #birthday #valerieperrine https://t.co/xqRtQo0chl pic.twitter.com/7DMlQS4XNq— valerie perrine (@TheValPerrine) September 3, 2024
Today NCSC and partners across the US government kicked off National Insider Threat Awareness Month (NITAM) 2024, an annual, month-long campaign to educate government and industry about the risks posed by #insiderthreats. https://t.co/8q3IeZf1te pic.twitter.com/rJynJQ9T5F
— NCSC (@NCSCgov) September 3, 2024
Iranian state-sponsored hackers have launched an espionage campaign targeting individuals perceived as threats to the regime. The cyber spies operate fake job websites, luring unsuspecting job seekers into giving up their personal information, which Iran then uses to spy on them.
The operation, uncovered by the U.S. cybersecurity firm Mandiant, dates back to 2017 and is believed to be part of a broader effort to silence those who oppose the Iranian regime, targeting Iranian dissidents, activists, and human rights advocates.
Ofir Rozmann, Trust and Safety Analyst at Mandiant, told National Security News: “Iranian individuals targeted by this campaign may reveal themselves to the Iranian regime as Israeli/Western supporters, and interested in collaborating with Israeli entities.”
“Subsequently, Iran’s regime may investigate these individuals, conduct further operations against them (cyber and non-cyber) and persecute them,” Rozmann added.
Mandiant found over 35 websites disguised as legitimate recruitment sites. The digital traps offered attractive job opportunities for intelligence and security agencies and promised to protect the privacy of applicants.
To enhance their credibility, the cyber criminals employed a variety of tactics. The websites featured “Israel-related lures” such as images of national symbols and flags, as well as hi-tech offices and major city landmarks.
Additionally, the contact details on the site listed Telegram links with handles containing “IL” (Israel) references, further reinforcing the campaign’s perceived affiliation with Israel, stated Mandiant.
Once the unsuspecting victims click “apply”, they are asked for personal details, including their name, birth date, email, home address, education, and professional experience. The sensitive information is then sent to the attackers.
While the campaign primarily targeted Farsi speakers, Mandiant identified similar operations aimed at Arabic-speaking individuals linked to Syria and Hezbollah. The websites were active between 2020 and 2023, and used a similar style and imagery. One of the websites called “VIP Recruitment” advertised as a recruitment centre for “respected military personnel”, displayed a picture of an Israeli flag.
To amplify their reach, Mandiant said that the cyber spies behind the campaign used fake social media accounts to publicise links to the malicious websites. Posts were made across platforms like X and Virasty, a social media platform that is commonly used in Iran.
Rozzmann said: “Iran’s social engineering efforts are becoming increasingly sophisticated as time goes by. Individuals should be sure to carefully inspect job-related inquiries they receive over social media, as these continue to provide a fertile ground for various Iran-nexus cyber operations.”
Mandiant believes that the campaign is being operated on behalf of Iran’s regime, as the tactics and techniques used were similar to those of APT42, a group linked to Iran’s IRGC Intelligence Organisation. APT42 has a history of conducting surveillance operations against domestic threats and individuals of interest to the Iranian government.
Rozzman explained that users of Google Chrome and other browsers are now better protected against such activities, as the “SafeBrowsing” feature has successfully blocked the malicious infrastructure involved.
The post Cyber spies target Iranian government critics with fake job sites first appeared on National Security News.
Read #MEMRI analysis: Former #Algerian Army Colonel On Algerian Secret Services’ Responsibility For The Assassination Of Algerian President Boudiaf – Audio of report here https://t.co/oHZ0XDGs49 pic.twitter.com/Xvv6UE2clx
— MEMRI (@MEMRIReports) September 3, 2024
A U.S. intelligence satellite image uncovered a new nuclear missile site in Russia—Putin’s ‘invincible’ missile with unlimited range is locked and loaded. Some wonder if the Kremlin is gearing up for nuclear war. #NuclearThreat #Russia #GlobalSecurityhttps://t.co/fD0nPZzPtf pic.twitter.com/ZfMFGxnc4I
— Robert Morton (@Robert4787) September 3, 2024
#TechTuesday: NCSC’s Wall of Spies Artifact, the Lorenz SZ 40/42, known as TUNNY. This encryption machine was used by the German High Command during WWII, but its code was broken by the British, yielding insights into German strategy and helping the Allies in the D-Day invasion. pic.twitter.com/pPUtp8EO5w
— NCSC (@NCSCgov) September 3, 2024