"These campaigns were conducted by both known groups and previously unobserved actors, with suspected attribution to China, Belarus, Pakistan and Hamas. The campaigns heavily relied on aspects of the conflict as topical lure content to engage the targets and often used compromised accounts belonging to government organisations to send phishing emails."
"In one such campaign, Belarussian threat actor TA473, or Winter Vivern, impersonated a European Council president spokesperson relaying a statement on the European Union's position on human rights, regional security and Iran's alleged weapons of mass destruction. It was sent to government organisations in both Europe and the Middle East - the first time Winter Vivern has been seen targeting the Middle East."
Following the joint Israeli-US attack on Iran, state-backed cyber threat actors from Belarus, China, Pakistan, and Hamas significantly escalated their malicious activities. Proofpoint intelligence identified multiple campaigns using the Middle Eastern conflict as topical lures to target government organizations. These operations employed both known threat groups and previously unobserved actors. Campaigns heavily relied on compromised government email accounts to distribute phishing emails containing deceptive content. Notable examples include Belarussian actor TA473 impersonating European Council officials to target European and Middle Eastern governments, and China-linked UNK_InnerAmbush targeting regional diplomats. The activity reflects opportunistic exploitation of current events combined with direct intelligence collection efforts related to Middle Eastern governments and their allies.
#cyber-threats #state-sponsored-actors #phishing-campaigns #middle-east-conflict #intelligence-collection
Read at ComputerWeekly.com
Unable to calculate read time
Collection
[
|
...
]