Trusted Design

London Calling: Two-Factor Authentication Phishing From Iran

概要

(Citizen Lab) This report describes an elaborate phishing campaign against targets in Iran’s diaspora, and at least one Western activist. The ongoing attacks attempt to circumvent the extra protections conferred by two-factor authentication in Gmail, and rely heavily on phone-call based phishing and “real time” login attempts by the attackers. Most of the attacks begin with a phone call from a UK phone number, with attackers speaking in either English or Farsi. The attacks point to extensive knowledge of the targets’ activities, and share infrastructure and tactics with campaigns previously linked to Iranian threat actors. We have documented a growing number of these attacks, and have received reports that we cannot confirm of targets and victims of highly similar attacks, including in Iran. The report includes extra detail to help potential targets recognize similar attacks. The report closes with some security suggestions, highlighting the importance of two-factor authentication.

Created: 2026-02-23

Indicators

類似Pulses

MALWARE POSING AS HUMAN RIGHTS ORGANIZATIONS AND COMMERCIAL SOFTWARE TARGETING IRANIANS AND FOREIGN POLICY INSTITUTIONS (score: 0.70)
Android Malware Targeting Journalists (score: 0.65)
Domestic Kitten: An Iranian Surveillance Operation (score: 0.63)
Domestic Kitten: An Iranian Surveillance Operation (score: 0.63)
Attacks Against the Mongolian Government (score: 0.62)

このPulseに関連する脅威アクター (事実ベース)

APT28

Score: 23.21

Matched TTPs:

T1110.001 - Password Guessing
T1598.003 - Spearphishing Link
T1598 - Phishing for Information
T1498 - Network Denial of Service
T1221 - Template Injection
T1204.001 - Malicious Link
T1211 - Exploitation for Defense Evasion

MITREへのリンク →

APT29

Score: 12.55

Matched TTPs:

T1110.001 - Password Guessing
T1562.008 - Disable or Modify Cloud Logs
T1204.001 - Malicious Link
T1566.003 - Spearphishing via Service

MITREへのリンク →

Mustard Tempest

Score: 5.90

Matched TTPs:

T1583.008 - Malvertising
T1204.001 - Malicious Link

MITREへのリンク →

Sidewinder

Score: 6.41

Matched TTPs:

T1598.003 - Spearphishing Link
T1204.001 - Malicious Link
T1124 - System Time Discovery

MITREへのリンク →

Scattered Spider

Score: 14.57

Matched TTPs:

T1598.003 - Spearphishing Link
T1598.004 - Spearphishing Voice
T1598 - Phishing for Information
T1538 - Cloud Service Dashboard

MITREへのリンク →

Mustang Panda

Score: 3.82

Matched TTPs:

T1598.003 - Spearphishing Link
T1204.001 - Malicious Link

MITREへのリンク →

Sandworm Team

Score: 3.82

Matched TTPs:

T1598.003 - Spearphishing Link
T1204.001 - Malicious Link

MITREへのリンク →

ZIRCONIUM

Score: 9.85

Matched TTPs:

T1598.003 - Spearphishing Link
T1598 - Phishing for Information
T1204.001 - Malicious Link
T1124 - System Time Discovery

MITREへのリンク →

APT32

Score: 3.82

Matched TTPs:

T1598.003 - Spearphishing Link
T1204.001 - Malicious Link

MITREへのリンク →

Kimsuky

Score: 16.98

Matched TTPs:

T1598.003 - Spearphishing Link
T1566 - Phishing
T1055.012 - Process Hollowing
T1598 - Phishing for Information
T1204.001 - Malicious Link
T1102.001 - Dead Drop Resolver

MITREへのリンク →

Magic Hound

Score: 6.34

Matched TTPs:

T1598.003 - Spearphishing Link
T1204.001 - Malicious Link
T1566.003 - Spearphishing via Service

MITREへのリンク →

Moonstone Sleet

Score: 8.42

Matched TTPs:

T1598.003 - Spearphishing Link
T1598 - Phishing for Information
T1566.003 - Spearphishing via Service

MITREへのリンク →

CURIUM

Score: 7.57

Matched TTPs:

T1598.003 - Spearphishing Link
T1124 - System Time Discovery
T1566.003 - Spearphishing via Service

MITREへのリンク →

Dragonfly

Score: 5.61

Matched TTPs:

T1598.003 - Spearphishing Link
T1221 - Template Injection

MITREへのリンク →

Patchwork

Score: 10.26

Matched TTPs:

T1598.003 - Spearphishing Link
T1055.012 - Process Hollowing
T1204.001 - Malicious Link
T1102.001 - Dead Drop Resolver

MITREへのリンク →

LAPSUS$

Score: 4.13

Matched TTPs:

T1598.004 - Spearphishing Voice

MITREへのリンク →

PROMETHIUM

Score: 4.13

Matched TTPs:

T1205.001 - Port Knocking

MITREへのリンク →

UNC3886

Score: 6.72

Matched TTPs:

T1205.001 - Port Knocking
T1124 - System Time Discovery

MITREへのリンク →

INC Ransom

Score: 3.29

Matched TTPs:

T1566 - Phishing

MITREへのリンク →

Sea Turtle

Score: 3.29

Matched TTPs:

T1566 - Phishing

MITREへのリンク →

Axiom

Score: 3.29

Matched TTPs:

T1566 - Phishing

MITREへのリンク →

AppleJeus

Score: 3.29

Matched TTPs:

T1566 - Phishing

MITREへのリンク →

GOLD SOUTHFIELD

Score: 3.29

Matched TTPs:

T1566 - Phishing

MITREへのリンク →

Gorgon Group

Score: 3.15

Matched TTPs:

T1055.012 - Process Hollowing

MITREへのリンク →

Threat Group-3390

Score: 3.15

Matched TTPs:

T1055.012 - Process Hollowing

MITREへのリンク →

BlackByte

Score: 3.15

Matched TTPs:

T1055.012 - Process Hollowing

MITREへのリンク →

TA2541

Score: 4.51

Matched TTPs:

T1055.012 - Process Hollowing
T1204.001 - Malicious Link

MITREへのリンク →

menuPass

Score: 3.15

Matched TTPs:

T1055.012 - Process Hollowing

MITREへのリンク →

Storm-1811

Score: 7.06

Matched TTPs:

T1667 - Email Bombing
T1566.003 - Spearphishing via Service

MITREへのリンク →

SideCopy

Score: 4.13

Matched TTPs:

T1614 - System Location Discovery

MITREへのリンク →

Volt Typhoon

Score: 6.72

Matched TTPs:

T1614 - System Location Discovery
T1124 - System Time Discovery

MITREへのリンク →

Confucius

Score: 4.51

Matched TTPs:

T1221 - Template Injection
T1204.001 - Malicious Link

MITREへのリンク →

Tropic Trooper

Score: 3.15

Matched TTPs:

T1221 - Template Injection

MITREへのリンク →

Gamaredon Group

Score: 4.51

Matched TTPs:

T1221 - Template Injection
T1204.001 - Malicious Link

MITREへのリンク →

Inception

Score: 3.15

Matched TTPs:

T1221 - Template Injection

MITREへのリンク →

DarkHydrus

Score: 3.15

Matched TTPs:

T1221 - Template Injection

MITREへのリンク →

Equation

Score: 4.13

Matched TTPs:

T1564.005 - Hidden File System

MITREへのリンク →

Strider

Score: 4.13

Matched TTPs:

T1564.005 - Hidden File System

MITREへのリンク →

Contagious Interview

Score: 8.42

Matched TTPs:

T1547.013 - XDG Autostart Entries
T1204.001 - Malicious Link
T1566.003 - Spearphishing via Service

MITREへのリンク →

FIN7

Score: 3.95

Matched TTPs:

T1204.001 - Malicious Link
T1124 - System Time Discovery

MITREへのリンク →

Windshift

Score: 3.88

Matched TTPs:

T1204.001 - Malicious Link
T1566.003 - Spearphishing via Service

MITREへのリンク →

Turla

Score: 3.95

Matched TTPs:

T1204.001 - Malicious Link
T1124 - System Time Discovery

MITREへのリンク →

OilRig

Score: 3.88

Matched TTPs:

T1204.001 - Malicious Link
T1566.003 - Spearphishing via Service

MITREへのリンク →

EXOTIC LILY

Score: 3.88

Matched TTPs:

T1204.001 - Malicious Link
T1566.003 - Spearphishing via Service

MITREへのリンク →

BRONZE BUTLER

Score: 5.88

Matched TTPs:

T1124 - System Time Discovery
T1102.001 - Dead Drop Resolver

MITREへのリンク →

Lazarus Group

Score: 5.12

Matched TTPs:

T1124 - System Time Discovery
T1566.003 - Spearphishing via Service

MITREへのリンク →

FIN13

Score: 4.54

Matched TTPs:

T1556 - Modify Authentication Process

MITREへのリンク →

Rocke

Score: 3.29

Matched TTPs:

T1102.001 - Dead Drop Resolver

MITREへのリンク →

APT41

Score: 3.29

Matched TTPs:

T1102.001 - Dead Drop Resolver

MITREへのリンク →

RTM

Score: 3.29

Matched TTPs:

T1102.001 - Dead Drop Resolver

MITREへのリンク →

Velvet Ant

Score: 4.13

Matched TTPs:

T1211 - Exploitation for Defense Evasion

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

APT28

Score: 0.81

Matched TTPs:

T1211 - Exploitation for Defense Evasion
T1221 - Template Injection
T1598 - Phishing for Information
T1598.003 - Spearphishing Link
T1110.001 - Password Guessing
T1204.001 - Malicious Link
T1498 - Network Denial of Service

MITREへのリンク →

Kimsuky

Score: 0.62

Matched TTPs:

T1598 - Phishing for Information
T1102.001 - Dead Drop Resolver
T1598.003 - Spearphishing Link
T1055.012 - Process Hollowing
T1204.001 - Malicious Link
T1566 - Phishing

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る