APT42 | Breaking Cybersecurity News | The Hacker News

Iranian state-sponsored threat actors have been observed orchestrating spear-phishing campaigns targeting a prominent Jewish figure starting in late July 2024 with the goal of delivering a new intelligence-gathering tool called AnvilEcho. Enterprise security company Proofpoint is tracking the activity under the name TA453, which overlaps with activity tracked by the broader cybersecurity community under the monikers APT42 (Mandiant), Charming Kitten (CrowdStrike), Damselfly (Symantec), Mint Sandstorm (Microsoft), and Yellow Garuda (PwC). "The initial interaction attempted to lure the target to engage with a benign email to build conversation and trust to then subsequently click on a follow-up malicious link," security researchers Joshua Miller, Georgi Mladenov, Andrew Northern, and Greg Lesnewich said in a report shared with The Hacker News. "The attack chain attempted to deliver a new malware toolkit called BlackSmith, which delivered a PowerShell trojan dubbed Anv

The Iranian state-backed hacking outfit called  APT42  is making use of enhanced social engineering schemes to infiltrate target networks and cloud environments. Targets of the attack include Western and Middle Eastern NGOs, media organizations, academia, legal services and activists, Google Cloud subsidiary Mandiant said in a report published last week. "APT42 was observed  posing as journalists  and event organizers to build trust with their victims through ongoing correspondence, and to deliver invitations to conferences or legitimate documents," the company  said . "These social engineering schemes enabled APT42 to harvest credentials and use them to gain initial access to cloud environments. Subsequently, the threat actor covertly exfiltrated data of strategic interest to Iran, while relying on built-in features and open-source tools to avoid detection." APT42 (aka Damselfly and UNC788),  first documented  by the company in September 2022, is an Iranian st

For years, securing a company's systems was synonymous with securing its "perimeter." There was what was safe "inside" and the unsafe outside world. We built sturdy firewalls and deployed sophisticated detection systems, confident that keeping the barbarians outside the walls kept our data and systems safe. The problem is that we no longer operate within the confines of physical on-prem installations and controlled networks. Data and applications now reside in distributed cloud environments and data centers, accessed by users and devices connecting from anywhere on the planet. The walls have crumbled, and the perimeter has dissolved, opening the door to a new battlefield: identity . Identity is at the center of what the industry has praised as the new gold standard of enterprise security: "zero trust." In this paradigm, explicit trust becomes mandatory for any interactions between systems, and no implicit trust shall subsist. Every access request, regardless of its origin,