Last month, Trump re-imposed sanctions on Iran, and hackers have since stepped up their attempts to break into the personal email accounts of American officials from the U.S. Treasury who are involved in enforcing those sanctions.
The AP is reporting on this, using data from Certfa as its primary source for tracking the activity.
Commenting on this news is KnowBe4’s new Senior VP of Cyber Operations, Rosa Smothers. She is a former CIA Technical Intelligence Officer whose experience primarily fell in the Center for Cyber Intelligence and the Counterterrorism Mission Center.
Rosa Smothers, Senior VP of Cyber Operations at KnowBe4:
“Attribution is often difficult based solely upon technical data, but this is very likely state-sponsored activity. The CERTFA team documented the use of more than 20 domain names over the course of this intrusion set; the adversary took the time to research their targets and create seemingly innocuous spear phishing emails, then targeted federal officials working on issues related to Iranian sanctions. Quite frankly, I’d be surprised if this weren’t the IRGC (Iran’s Islamic Revolutionary Guard Corps).
This situation illustrates why engaging, ongoing security awareness training as well as simulated phishing is so important. Email authentication technologies such as DMARC are important, but the human factor cannot be overlooked. If personnel can access their personal webmail and social media from a company computer, these compromises will continue to occur until we better enable people to know when not to engage.”