Iranian state-sponsored threat actors have been observed orchestrating spear-phishing campaigns targeting a prominent Jewish figure starting in late July 2024 with the goal of delivering a new intelligence-gathering tool called AnvilEcho.

Enterprise security company Proofpoint is tracking the activity under the name TA453, which overlaps with activity tracked by the broader cybersecurity community under the monikers APT42 (Mandiant), Charming Kitten (CrowdStrike), Damselfly (Symantec), Mint Sandstorm (Microsoft), and Yellow Garuda (PwC).

"The initial interaction attempted to lure the target to engage with a benign email to build conversation and trust to then subsequently click on a follow-up malicious link," security researchers Joshua Miller, Georgi Mladenov, Andrew Northern, and Greg Lesnewich said in a report shared with The Hacker News. "The attack chain attempted to deliver a new malware toolkit called BlackSmith, which delivered a PowerShell trojan dubbed AnvilEcho."

TA453 is assessed to be affiliated with Iran's Islamic Revolutionary Guard Corps (IRGC), carrying out targeted phishing campaigns that are designed to support the country's political and military priorities.

Data shared by Google-owned Mandiant last week shows that the U.S. and Israel accounted for roughly 60% of APT42's known geographic targeting, followed by Iran and the U.K.

The social engineering efforts are both persistent and persuasive, masquerading as legitimate entities and journalists to…