"Iranian Hacker Group TA453 Caught Phishing University Scholars"
Proofpoint researchers recently discovered the Iran-linked hacker group TA453 carrying out a credential-stealing phishing operation called Operation SpoofedScholars. The TA453 threat actors masqueraded as British scholars with the University of London's School of Oriental and African Studies (SOAS). They made their conversations with intended victims appear legitimate by hacking a real website run by SOAS, creating personalized credential harvesting pages disguised as registration links, and sending emails to victims inviting them to attend an online conference. According to Proofpoint, TA453 targeted experts in Middle Eastern affairs from think tanks, senior professors from well-known academic institutions, and journalists who specialize in Middle Eastern coverage. One of the emails distributed by the hacker group showed the use of a Gmail account to send personal invitations to experts and scholars. The email asked recipients to participate in a webinar hosted by the SOAS University of London as main speakers. Confirmation of their participation required the recipients to click on a registration link, enter their personal details, and share their bank account information. Proofpoint has said TA453's tactics, techniques, and targeting aligned with Islamic Revolutionary Guard Corps (IRGC) intelligence collection priorities. The firm also pointed out that the targeted victims have information of interest to the Iranian government, such as information about foreign policy, U.S. nuclear negotiations, and more. This article continues to discuss the Iran-linked Advanced Persistent Threat (APT) group's phishing campaign targeting experts and professors.
TEISS reports "Iranian Hacker Group TA453 Caught Phishing University Scholars"