Analysis of well-known Iranian hacking group points to more purely financial attacks

May 12, 2022 | CYBERSCOOP

An analysis of a well-known Iranian hacking operation that’s previously blurred the line between espionage and extortion suggests that the group is engaging in more purely financial attacks, including against targets in the U.S., Europe and Australia.

Researchers at various cybersecurity firms — as well as cybersecurity authorities in the U.S., the U.K. and Australia — have previously published reports on the activities of a group known variously as Cobalt Mirage, Charming Kitten, Phosphorus or TunnelVision. A November 2021 notice issued by the governments of the U.S., U.K. and Australia said the activity is “associated with the government of Iran” and is designed to gain access to a broad swath of targets for data exfiltration, ransomware or extortion.

The analysis released Thursday by researchers with Secureworks Counter Threat Unit builds on the previous reporting, but adds detail by unpacking attacks on an unnamed “U.S. philanthropic organization” in January 2022 and an unnamed local U.S. government in March 2022.

The two incidents represent distinct clusters of activity within the Cobalt Mirage group, the researchers concluded, with one focused on opportunistic ransomware attacks for financial gain and the other working