US security company says Iranian hackers targeted American, Israeli medical experts

Phishing is considered cybercrime during which the targets are contacted by email, telephone or text message by someone pretending to be a legitimate institution or person to trap individuals into providing sensitive data. (Shutterstock)
Short Url
  • The TA453 group, also called Charming Kitten and Phosphorus, launched a credential phishing campaign targeting senior medical professionals
  • The group has historically aligned with Iran’s Islamic Revolutionary Guard Corps

DUBAI: The US-based security company said a group of Iranian hackers targeted American and Israeli senior medical professionals, the company’s report said.

The TA453 group, also called Charming Kitten and Phosphorus, launched a credential phishing campaign targeting senior medical professionals specializing in genetic, neurology, and oncology research.

Phishing is considered cybercrime during which the targets are contacted by email, telephone or text message by someone pretending to be a legitimate institution or person to trap individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.

In the latest attack, dubbed BadBlood by Proofpoint researches due to medical focus and tensions between Iran and Israel, the group sent fake emails posing as a prominent Israeli physicist with “Nuclear weapons at a glance: Israel” in the subject lane.

A link inside the emails took the clickers to a fake Microsoft’s OneDrive website with a PDF document, which allowed the hackers to collect users’ log in information.

As soon as the individuals clicked the log in, they were diverted back to the real Microsoft OneDrive website, covering the tracks of any phishing attack, the report explained.

The group has historically aligned with Iran’s Islamic Revolutionary Guard Corps to target ‘dissidents,’ academics, diplomats, and journalists.

Proofpint said “BadBlood is a deviation from the group’s usual activity. While this campaign may represent a shift in TA453 targeting overall, it is also possible it may be the result of a specific short term intelligence collection requirement. BadBlood is aligned with an escalating trend of medical research being increasingly targeted by threat actors.”