Microsoft Reveals Iran Hacking Campaign Targeting Mideast Experts

Logo of Microsoft on its office building in Beijing, China, May 25, 2023

Microsoft has revealed that "high-profile" experts specializing in Middle Eastern affairs are under attack from hackers believed to be linked to the Iranian government.

The entities under attack were located in Belgium, France, Gaza, Israel, the United Kingdom, and the United States.

The Microsoft Threat Intelligence team, in a recent blog post, outlined that since November, a faction of the hacking group Mint Sandstorm has utilized "customized phishing lures to socially engineer targets into downloading malicious files."

The report notes the application of new tools in observed incidents. According to Microsoft, the operators in the Mint Sandstorm subgroup exhibit highly skilled social engineering capabilities, lacking many typical hallmarks that users rely on to identify phishing emails. In some instances, the subgroup used compromised but legitimate accounts to disseminate phishing lures.

Microsoft's findings indicate a correlation between the recent campaign and the ongoing conflict in Gaza, with phishing lures referencing the Israel-Hamas war. The objective is to gather diverse internal perspectives on the conflict.

Mint Sandstorm, also known as APT35 or Charming Kitten, is associated with the Islamic Revolutionary Guard Corps (IRGC), an intelligence arm of Iran's military. The campaign primarily targets people with access to information crucial to Tehran's leadership.

Prior instances involve the group targeting journalists, researchers, professors, and others with resource-intensive social engineering campaigns. In some cases the group sent its lures from legitimate but compromised email accounts belonging to the people it was impersonating.

In some instances the initial emails contained no malicious content at all: the hackers first sought to build a relationship with their targets, and only later moved on to the espionage phase.