Trusted Design

London Calling: Two-Factor Authentication Phishing From Iran

概要

(Citizen Lab) This report describes an elaborate phishing campaign against targets in Iran’s diaspora, and at least one Western activist. The ongoing attacks attempt to circumvent the extra protections conferred by two-factor authentication in Gmail, and rely heavily on phone-call based phishing and “real time” login attempts by the attackers. Most of the attacks begin with a phone call from a UK phone number, with attackers speaking in either English or Farsi. The attacks point to extensive knowledge of the targets’ activities, and share infrastructure and tactics with campaigns previously linked to Iranian threat actors. We have documented a growing number of these attacks, and have received reports that we cannot confirm of targets and victims of highly similar attacks, including in Iran. The report includes extra detail to help potential targets recognize similar attacks. The report closes with some security suggestions, highlighting the importance of two-factor authentication.

Created: 2026-02-23

Indicators

類似Pulses

MALWARE POSING AS HUMAN RIGHTS ORGANIZATIONS AND COMMERCIAL SOFTWARE TARGETING IRANIANS AND FOREIGN POLICY INSTITUTIONS (score: 0.70)
Android Malware Targeting Journalists (score: 0.65)
Domestic Kitten: An Iranian Surveillance Operation (score: 0.63)
Domestic Kitten: An Iranian Surveillance Operation (score: 0.63)
Attacks Against the Mongolian Government (score: 0.62)

このPulseに関連する脅威アクター (事実ベース)

APT28

Score: 23.21

Matched TTPs:

T1222.002 - Linux and Mac Permissions
T1566.002 - Spearphishing Link
T1197 - BITS Jobs
T1146 - Clear Command History
T1200 - Hardware Additions
T1027.018 - Invisible Unicode
T1566.003 - Spearphishing via Service

MITREへのリンク →

APT29

Score: 12.55

Matched TTPs:

T1222.002 - Linux and Mac Permissions
T1546.018 - Python Startup Hooks
T1027.018 - Invisible Unicode
T1547.008 - LSASS Driver

MITREへのリンク →

Mustard Tempest

Score: 5.90

Matched TTPs:

T1682 - Query Public AI Services
T1027.018 - Invisible Unicode

MITREへのリンク →

Sidewinder

Score: 6.41

Matched TTPs:

T1566.002 - Spearphishing Link
T1027.018 - Invisible Unicode
T1578.001 - Create Snapshot

MITREへのリンク →

Scattered Spider

Score: 14.57

Matched TTPs:

T1566.002 - Spearphishing Link
T1019 - System Firmware
T1197 - BITS Jobs
T1027.002 - Software Packing

MITREへのリンク →

Mustang Panda

Score: 3.82

Matched TTPs:

T1566.002 - Spearphishing Link
T1027.018 - Invisible Unicode

MITREへのリンク →

Sandworm Team

Score: 3.82

Matched TTPs:

T1566.002 - Spearphishing Link
T1027.018 - Invisible Unicode

MITREへのリンク →

ZIRCONIUM

Score: 9.85

Matched TTPs:

T1566.002 - Spearphishing Link
T1197 - BITS Jobs
T1027.018 - Invisible Unicode
T1578.001 - Create Snapshot

MITREへのリンク →

APT32

Score: 3.82

Matched TTPs:

T1566.002 - Spearphishing Link
T1027.018 - Invisible Unicode

MITREへのリンク →

Kimsuky

Score: 16.98

Matched TTPs:

T1566.002 - Spearphishing Link
T1562.013 - Disable or Modify Network Device Firewall
T1001 - Data Obfuscation
T1197 - BITS Jobs
T1027.018 - Invisible Unicode
T1008 - Fallback Channels

MITREへのリンク →

Magic Hound

Score: 6.34

Matched TTPs:

T1566.002 - Spearphishing Link
T1027.018 - Invisible Unicode
T1547.008 - LSASS Driver

MITREへのリンク →

Moonstone Sleet

Score: 8.42

Matched TTPs:

T1566.002 - Spearphishing Link
T1197 - BITS Jobs
T1547.008 - LSASS Driver

MITREへのリンク →

CURIUM

Score: 7.57

Matched TTPs:

T1566.002 - Spearphishing Link
T1578.001 - Create Snapshot
T1547.008 - LSASS Driver

MITREへのリンク →

Dragonfly

Score: 5.61

Matched TTPs:

T1566.002 - Spearphishing Link
T1200 - Hardware Additions

MITREへのリンク →

Patchwork

Score: 10.26

Matched TTPs:

T1566.002 - Spearphishing Link
T1001 - Data Obfuscation
T1027.018 - Invisible Unicode
T1008 - Fallback Channels

MITREへのリンク →

LAPSUS$

Score: 4.13

Matched TTPs:

T1019 - System Firmware

MITREへのリンク →

PROMETHIUM

Score: 4.13

Matched TTPs:

T1547.015 - Login Items

MITREへのリンク →

UNC3886

Score: 6.72

Matched TTPs:

T1547.015 - Login Items
T1578.001 - Create Snapshot

MITREへのリンク →

INC Ransom

Score: 3.29

Matched TTPs:

T1562.013 - Disable or Modify Network Device Firewall

MITREへのリンク →

Sea Turtle

Score: 3.29

Matched TTPs:

T1562.013 - Disable or Modify Network Device Firewall

MITREへのリンク →

Axiom

Score: 3.29

Matched TTPs:

T1562.013 - Disable or Modify Network Device Firewall

MITREへのリンク →

AppleJeus

Score: 3.29

Matched TTPs:

T1562.013 - Disable or Modify Network Device Firewall

MITREへのリンク →

GOLD SOUTHFIELD

Score: 3.29

Matched TTPs:

T1562.013 - Disable or Modify Network Device Firewall

MITREへのリンク →

Gorgon Group

Score: 3.15

Matched TTPs:

T1001 - Data Obfuscation

MITREへのリンク →

Threat Group-3390

Score: 3.15

Matched TTPs:

T1001 - Data Obfuscation

MITREへのリンク →

BlackByte

Score: 3.15

Matched TTPs:

T1001 - Data Obfuscation

MITREへのリンク →

TA2541

Score: 4.51

Matched TTPs:

T1001 - Data Obfuscation
T1027.018 - Invisible Unicode

MITREへのリンク →

menuPass

Score: 3.15

Matched TTPs:

T1001 - Data Obfuscation

MITREへのリンク →

Storm-1811

Score: 7.06

Matched TTPs:

T1567.003 - Exfiltration to Text Storage Sites
T1547.008 - LSASS Driver

MITREへのリンク →

SideCopy

Score: 4.13

Matched TTPs:

T1584.002 - DNS Server

MITREへのリンク →

Volt Typhoon

Score: 6.72

Matched TTPs:

T1584.002 - DNS Server
T1578.001 - Create Snapshot

MITREへのリンク →

Confucius

Score: 4.51

Matched TTPs:

T1200 - Hardware Additions
T1027.018 - Invisible Unicode

MITREへのリンク →

Tropic Trooper

Score: 3.15

Matched TTPs:

T1200 - Hardware Additions

MITREへのリンク →

Gamaredon Group

Score: 4.51

Matched TTPs:

T1200 - Hardware Additions
T1027.018 - Invisible Unicode

MITREへのリンク →

Inception

Score: 3.15

Matched TTPs:

T1200 - Hardware Additions

MITREへのリンク →

DarkHydrus

Score: 3.15

Matched TTPs:

T1200 - Hardware Additions

MITREへのリンク →

Equation

Score: 4.13

Matched TTPs:

T1130 - Install Root Certificate

MITREへのリンク →

Strider

Score: 4.13

Matched TTPs:

T1130 - Install Root Certificate

MITREへのリンク →

Contagious Interview

Score: 8.42

Matched TTPs:

T1651 - Cloud Administration Command
T1027.018 - Invisible Unicode
T1547.008 - LSASS Driver

MITREへのリンク →

FIN7

Score: 3.95

Matched TTPs:

T1027.018 - Invisible Unicode
T1578.001 - Create Snapshot

MITREへのリンク →

Windshift

Score: 3.88

Matched TTPs:

T1027.018 - Invisible Unicode
T1547.008 - LSASS Driver

MITREへのリンク →

Turla

Score: 3.95

Matched TTPs:

T1027.018 - Invisible Unicode
T1578.001 - Create Snapshot

MITREへのリンク →

OilRig

Score: 3.88

Matched TTPs:

T1027.018 - Invisible Unicode
T1547.008 - LSASS Driver

MITREへのリンク →

EXOTIC LILY

Score: 3.88

Matched TTPs:

T1027.018 - Invisible Unicode
T1547.008 - LSASS Driver

MITREへのリンク →

BRONZE BUTLER

Score: 5.88

Matched TTPs:

T1578.001 - Create Snapshot
T1008 - Fallback Channels

MITREへのリンク →

Lazarus Group

Score: 5.12

Matched TTPs:

T1578.001 - Create Snapshot
T1547.008 - LSASS Driver

MITREへのリンク →

FIN13

Score: 4.54

Matched TTPs:

T1686.001 - Cloud Firewall

MITREへのリンク →

Rocke

Score: 3.29

Matched TTPs:

T1008 - Fallback Channels

MITREへのリンク →

APT41

Score: 3.29

Matched TTPs:

T1008 - Fallback Channels

MITREへのリンク →

RTM

Score: 3.29

Matched TTPs:

T1008 - Fallback Channels

MITREへのリンク →

Velvet Ant

Score: 4.13

Matched TTPs:

T1566.003 - Spearphishing via Service

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

APT28

Score: 0.81

Matched TTPs:

T1566.002 - Spearphishing Link
T1197 - BITS Jobs
T1027.018 - Invisible Unicode
T1566.003 - Spearphishing via Service
T1146 - Clear Command History
T1200 - Hardware Additions
T1222.002 - Linux and Mac Permissions

MITREへのリンク →

Kimsuky

Score: 0.62

Matched TTPs:

T1562.013 - Disable or Modify Network Device Firewall
T1566.002 - Spearphishing Link
T1197 - BITS Jobs
T1008 - Fallback Channels
T1001 - Data Obfuscation
T1027.018 - Invisible Unicode

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る