The group calls itself Phosphorus.
They are of Iranian origin. According to the German authorities and the American company, Microsoft, they would specifically target participants of two conferences. Lectures that connect political experts and universities in Germany and Saudi Arabia. In other words, high-level international conferences.
This article will also interest you: When gendarmes refuse to install McAfee because of its link with Microsoft
This problem was first anticipated and detected by Microsoft's threat training center. The organization created by Redmond's giant said it had intercepted several attempts from the phosphorus group. It's various attempts were aimed at stealing the login credentials of nearly a hundred "high-sighted individuals" who are supposed to attend the next Munich security conference, and that of the "Think 20 (T20)" summit in Saudi Arabia.
The modus operandi of hackers was to send falsified invitations to people targeted by e-mail the intention was to deceive them to extract certain personal information. A classic phishing case, with emails writing in near-perfect English according to Microsoft Center. Were targeted, academics, civil servants, event organizers, political experts and reasons for government organization.
Redmond's firm has not yet said whether compromising information was obtained by the Iranian hacker group. For its part, Microsoft claims to have already notified the organizers of these events which in turn have carried out a warning of the participants.
"We believe that Phosphorus is carrying out these attacks for intelligence purposes. The attacks have succeeded in compromising several victims, including former ambassadors and other high-level political experts who contribute to the development of global programs and foreign policies in their respective countries," the Redmond giant said. "We recommend that people assess the authenticity of the emails they receive about major conferences by ensuring that the sender's address appears legitimate and that any built-in link redirects to the official conference domain. he adds.
Microsoft has released a table outlining the observed compromise indicators. It has been made available to security teams so that it can finally identify the next campaign that can be initiated based on the previous one.
To protect yourself, basic security measures such as dual-factor authentication where strengthening the rules for transmitting electronic correspondence can help. Especially by phishing that is going on and directed against the participants.
In its recent report, Redmond's digital defense company highlighted the fact that states often use well-organized cybercriminal groups to frequently target other states or organizations and companies in an underlying cyberwarfare fight. The objective is to destabilize and steal confidential information. And unfortunately this is becoming more and more common.
Now access an unlimited number of passwords: