4 research outputs found
London Calling: Two-Factor Authentication Phishing from Iran
The anonymous targets who have generously shared these materials with us;
Jillian York (EFF); Citizen Lab colleagues including Morgan Marquis-Boire, Masashi
Crete-Nishihata, Bill Marczak, Ron Deibert, Irene Poetranto, Adam Senft, and
Sarah McKune; Gary Belvin (Google) and Justin Kosslyn (Google Ideas); Cyber
Arabs; Jordan Berry, Nart Villeneuve; and two anonymous colleagues.
Thanks also to Frederic Jacobs who suggested a change to the wording of the
HTTPS check text.
This report describes an elaborate phishing campaign using two-factor authentication against targets in Iran’s diaspora, and at least one Western activist.
Targeted Malware Attacks against NGO Linked to Attacks on Burmese Government Websites
Thanks to John Scott-Railton for comments on the post.
This report analyzes a campaign of targeted attacks against an NGO working on environmental issues in Southeast Asia. Our analysis reveals connections between these attacks, recent strategic web compromises against Burmese government websites, and previous campaigns targeting groups in the Tibetan community.
Group5: Syria and the Iranian Connection
We thank Noura Al-Ameer for collaborating with this investigation, and for
graciously agreeing to be included in this report. The targeted nature of many
cases means that, without the help of brave targets and victims, we are often left
with a very limited view of what is taking place.
We are exceptionally grateful to colleagues at Citizen Lab for comments, critical
feedback, and assistance with document preparation including Ron Deibert,
Bill Marczak, Morgan Marquis-Boire, Sarah McKune, Masashi Nishihata, Irene
Poetranto, Christine Schoellhorn, and Adam Senft. Thanks also to Justin Kosslyn
and Brandon Dixon for helpful feedback.
We would also like to thank the following teams: Lookout, PassiveTotal and RiskIQ,
VirusTotal, and Cisco’s AMP Threat Grid Team for data correlation.
Very special thanks to other investigators who wished to remain anonymous but
provided exceptionally helpful assistance, especially TNG and Tuka.
Note: the night sky image of Syria used as background for several illustrations is
from CIMSS at the University of Wisconsin Madison.
This report describes a malware operation against the Syrian Opposition. We name the operator Group5, and suspect they have not been previously reported. Group5 used “just enough” technical sophistication, combined with social engineering, to target computers and mobile phones with malware.