
APT42 supported by Iranian terrorist group, report finds

The Iranian terrorist organization Islamic Revolutionary Guard Corps (IRGC) has been operating the APT42 threat group as its cyberespionage offshoot, according to The Register. Individuals in the U.S., Europe, Australia, and the Middle East have been targeted in spear-phishing campaigns launched by APT42 since at least 2015, a Mandiant report showed. The attacks targeted corporate and personal email accounts to facilitate credential harvesting and Android spyware infections. APT42 has already conducted more than 30 credential harvesting, surveillance, and malware deployment operations during the past seven years, with the number of breaches estimated to be significantly higher, according to the report. Researchers also found that APT42 is associated with TA453, also known as ITG18 and Yellow Garuda, as well as with the Phosphorus operation, also known as Charming Kitten. "The IRGC has been associated with everything from DDoS to physical destruction, assassinations, threats to safety and lives. And APT42 appears to be supporting them as they physically track people, so it's hard to imagine a more dangerous scenario," said Mandiant Vice President of Intelligence John Hultquist.
