Iran State Hackers Impersonate Boeing and DJI, Post Fake Job Offers

A state-sponsored Iranian hacking gang has been observed posing as defense contractors Boeing and DJI, posting fake job ads in a broader phishing campaign targeting members of the aerospace, aviation and defense industries.

Cybersecurity firm Mandiant has attributed the campaign to the Iranian hacking group UNC1549 “with moderate confidence.” The group has connections to the threat group Tortoiseshell, and both groups have connections to the Islamic Revolutionary Guard Corps.

According to Mandiant, the threat group aims to gain access to defense contractors’ systems through phishing and credential harvesting in order to conduct cyberespionage, particularly targeting organizations in Israel and the United Arab Emirates (UAE), and potentially India, Albania, Türkiye and other Middle Eastern countries.

It does this through phishing emails carrying fake job offers, sent to staff at organizations in these industries, which deliver malware when clicked.

The hackers also created fake job sites with URLs like “1stemployer[.]com” or “career finder[.]com”.

The jobs advertised were for technology and defense-related roles, such as project manager positions in the areas of aviation, aerospace and thermal imaging.

“Mandiant observed that this campaign implemented multiple evasion techniques to mask its activity, most notably extensive use of Microsoft Azure cloud infrastructure, as well as social engineering schemes to spread two unique backdoors: MINIBIKE and MINIBUS,” Mandiant wrote in its report.

Once inside, the hackers collect data that can be leveraged to gain greater access to the target system.

Mandiant also observed the hackers posing as the “Bring Them Home Now” movement, a campaign calling for the return of Israeli hostages who have been kidnapped by Hamas, and some of the emails directed users to a fake site for the campaign.

Mandiant’s latest observations come at a time when cyberwarfare and hacktivism play an increasingly important role in modern conflicts, such as the war between Israel and Hamas.

Anonymous Sudan is one of those actors that has increased the frequency and breadth of its operations in light of the conflict.

The group recently launched a distributed denial of service (DDoS) attack against OpenAI, crippling its ChatGPT service, among others, in response to anti-Palestine comments made by one of its executives, among other reasons.

“ChatGPT, can’t you fix your bad protection? Thank you Cloudflare for the worst protection,” it wrote in a Telegram post shared by the group’s leader, Crush.

“We have hit ChatGPT and OpenAI hard for many reasons,” said Anonymous Sudan.

“OpenAI’s cooperation with the occupying state of Israel and OpenAI’s CEO saying he is willing to invest more in Israel, and his several meetings with Israeli officials like Netanyahu, as reported by Reuters.

“AI is now being used in weapons development and by intelligence agencies like Mossad, and Israel is also employing AI to further oppress the Palestinians.

“ChatGPT has a general bias towards Israel and against Palestine as has been exposed on Twitter, in general there is a huge bias of the model towards some topics that need to be corrected.

“OpenAI is an American company and we still target any American company.”
