Iranian hackers found using tool to extract 2FA SMS codes


San Francisco, Sep 19 (IANS): Researchers at cybersecurity firm Check Point have unravelled an ongoing surveillance operation by Iranian entities who have used multiple tools including an Android backdoor that extracts two-factor authentication (2FA) codes from SMS messages and records the phone's voice surroundings.

The hacking group, nicknamed Rampant Kitten by Check Point, largely managed to keep the operations under the radar for at least six years.

The hackers have been taking advantage of multiple attack vectors to spy on their victims, attacking victims' personal computers and mobile devices, and their supposedly private, secure communications via Telegram and other social networks, Check Point said in a blog post on Friday.

According to Check Point, the tools deployed by the hacking group appear to be mainly used against Iranian minorities, anti-regime organisations and resistance movements such as Association of Families of Camp Ashraf and Liberty Residents (AFALR), Azerbaijan National Resistance Organization and Balochistan residents.

Among the different attacks Check Point found were four variants of Windows infostealers intended to steal victims' personal documents as well as access their Telegram Desktop and KeePass (an open source password manager) account information.

The tool and methods used by the threat actors also included an Android backdoor mentioned earlier and malicious Telegram phishing pages, distributed using fake Telegram service accounts.

"Since most of the targets we identified are Iranian nationals, it appears that in common with other attacks attributed to the Islamic Republic, this might be yet another case in which Iranian threat actors are collecting intelligence on potential opponents to the regime," said the blog post.

 

  

LEAVE A COMMENT

Title : Iranian hackers found using tool to extract 2FA SMS codes


 
 
 
 

 
You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.


Security Validation

Enter the characters in the image