#APT42

Miguel Afonso Caetano remixtures@tldr.nettime.org
2025-04-24

"The office of Hannah Neumann, a member of the German Greens and head of the delegation spearheading work on European Union-Iran relations, was targeted by a hacking campaign that started in January, she said. Her staff was contacted with messages, phone calls and emails by hackers impersonating a legitimate contact. They eventually managed to target a laptop with malicious software.

"It was a very sophisticated attempt using various ways to manage that someone accidentally opens a link, including putting personal pressure on them," Neumann said.

Neumann was made aware of the ongoing ploy four weeks ago by the German domestic intelligence service, she said.

The group thought to be behind the attack is a hacking collective associated with the Iranian Revolutionary Guard, known as APT42, according to a report by the Parliament’s in-house IT service DG ITEC and seen by POLITICO. Another Iranian hacking group, called APT35 or Charming Kitten, was initially considered a culprit too. The two Iranian threat groups are closely related."

politico.eu/article/european-p

#EU #Germany #Iran #CyberSecurity #StateHacking #Spyware #APT42 #APT35

2025-04-23

APT42, a hacker unit that is very likely directed by the Iranian Revolutionary Guards, is attacking Hannah Neumann, Member of the European Parliament and head of the EP's Iran delegation. This is espionage, but also an attempt to intimidate. #apt42
zeit.de/2025/17/hannah-neumann

2024-10-09

New APT insight from Proofpoint ⬇️

This week, our team observed IRGC/Iranian-aligned threat group #TA453 continue their phishing efforts despite the recent unsealing of indictments and sanctions by the U.S. government.

Specifically, Proofpoint observed TA453 masquerade as the Centre for Feminist Foreign Policy (CFFP) to target individuals associated with U.S. based universities, media companies, and politically adjacent social benefit organizations.

Today #CISA and the @FBI released a resource guide titled, “How to Protect Against Iranian Targeting of Accounts Associated with National Political Organizations.” It sets a good baseline on ways to protect against a variety of threat actors, including TA453. cisa.gov/resources-tools/resou

TA453 overlaps with reporting on #CharmingKitten, #MintSandstorm, #CharmingCypress and #APT42.

See our recent blog post to learn more about TA453’s malware evolution. ow.ly/OrXE50THoKZ

2024-09-09

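How dangerous are the #Iran organizations that rank alongside the "Chinese hacker threat" the Five Eyes intelligence chiefs warn about?
Yahoo! News
What measures should companies and organizations take as #cyberattack countermeasures? #APT42 makes full use of techniques such as attacks using #malware and getting targets to access #phishingpages and the like, ...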
goo.gl/alerts/a6SPPm

2024-08-23

The Iran-aligned threat actor who compromised the Trump campaign's email systems is known in the cybersecurity research community as #TA453, #APT42, or #CharmingKitten.

"The group's appearance in the U.S. election is noteworthy, sources told @Reuters, because of their invasive #espionage approach against high-value targets in Washington and Israel."

Read the article for insights from Joshua Miller of Proofpoint and other experts: reuters.com/world/trump-campai

Anonymous 🐈️🐾☕🍵🏴🇵🇸 youranonriots@kolektiva.social
2024-08-18
2024-08-15

A Single #Iranian #Hacker Group Targeted Both Presidential Campaigns, #Google Says

#APT42, which is believed to work for Iran’s #RevolutionaryGuard Corps, targeted about a dozen people associated with both Trump’s and Biden’s campaigns this spring, according to Google’s #ThreatAnalysisGroup.
#iran #trump #biden #election #election2024

wired.com/story/iran-apt42-tru

Trending Tech Nieuws technieuws@infosec.exchange
2024-08-14

Iranian hacker group targets both presidential campaigns, according to Google trendingtech.news/trending-new #APT42 #Iranian hacker group #cybersecurity political campaigns #Google Threat Analysis Group #hack-and-leak operation #Trending #News #Nieuws

2024-08-14
Kat Traxler nightmareJS@infosec.exchange
2024-05-29
Anonymous 🐈️🐾☕🍵🏴🇵🇸 youranonriots@kolektiva.social
2024-05-08

🚨 ALERT: Iranian hackers (#APT42) posing as journalists and event organizers to launch cyber attacks on NGOs, media, academia, and activists.

thehackernews.com/2024/05/apt4

#cybersecurity #hacking

2022-12-14
Abir Ghattas abirghattas@infosec.exchange
2022-12-05

#HRW and #Amnesty investigation reveals #Iran gov't backed hackers have targeted activists, journalists, & researchers working on Middle East issues with phishing attacks.

@humanrightswatch infosec team attributes this campaign to state-backed threat actor #APT42.

I spent the past couple of weeks with @tek and @donncha investigating an ongoing social engineering and phishing campaign that impersonated a think tank based in #Lebanon to trick its targets and invite them to a summit.

2 HRW staff were targeted, and after investigating the infrastructure used, we found 18 other targets. At least 3 targets were successfully compromised by #APT42.

Read the full report and the technical analysis on HRW's website 👇

hrw.org/news/2022/12/05/iran-s

Julian-Ferdinand Vögele julianferdinand@infosec.exchange
2022-11-30

Recorded Future published a report on a #phishing and follow-on credential theft attack highly likely led by an #Iran nexus threat activity group targeted against the US-based Washington Institute think tank. While we track this group under the temporary designator TAG56, it depicts many of the known TTPs associated with #APT42 and has overlaps in victimology: recordedfuture.com/suspected-i
