TTPwire Vol. 1 · MITRE ATT&CK · Tagged


Google Threat Analysis Group

Iranian backed group steps up phishing campaigns against Israel, U.S.

Google Threat Analysis Group · 2024-08-14

ATT&CK techniques detected

12 predictions
T1566.002 Spearphishing Link · 99%
“the group’s infrastructure. Government-backed attacker warning Google Sites phishing: we took down multiple APT42-created Google Sites pages that masqueraded as a petition from the legitimate Jewish Agency for Israel calling on the Israeli government to enter into mediatio…”

T1566.002 Spearphishing Link · 98%
“tactics like sending phishing links either directly in the body of the email or as a link in an otherwise benign PDF attachment. In such cases, APT42 would engage their target with a social engineering lure to set up a video meeting and then link to a landing page where the tar…”

T1566.002 Spearphishing Link · 97%
“than 270 government-backed attacker groups from more than 50 countries, and we regularly publish our findings to keep the public informed of these threats. As we outlined above, APT42 is a sophisticated, persistent threat actor and they show no signs of stopping their attempts …”

T1566.002 Spearphishing Link · 94%
“focus in support of Iran’s political and military priorities. Between February and late July 2024, APT42 heavily targeted users in Israel and the U.S. Spikes in APT42 targeting against Israel Targeted APT42 credential phishing campaigns focused on Israel between February and l…”

T1566.002 Spearphishing Link · 93%
“compromise the targets. Google suspended identified Gmail accounts associated with APT42. A June 2024 campaign targeting Israeli NGOs used a benign PDF email attachment impersonating the legitimate Project Aladdin, which contained a shortened URL link that redirected to a phishin…”

T1556.006 Multi-Factor Authentication · 89%
“attempts. For example, in some cases they have identified that an account is configured to use device prompts as an accepted second factor and added support for them in their GCollection phishing kit. APT42 then combines this approach with knowledge of the target’s current geog…”

T1566.002 Spearphishing Link · 73%
“.S. government and individuals associated with the respective campaigns. We blocked numerous APT42 attempts to log in to the personal email accounts of targeted individuals. Recent public reporting shows that APT42 has successfully breached accounts across multiple email provide…”

T1598.003 Spearphishing Link · 65%
“tactics like sending phishing links either directly in the body of the email or as a link in an otherwise benign PDF attachment. In such cases, APT42 would engage their target with a social engineering lure to set up a video meeting and then link to a landing page where the tar…”

T1566.002 Spearphishing Link · 54%
“Iranian backed group steps up phishing campaigns against Israel, U.S. Today Google’s Threat Analysis Group (TAG) is sharing insights on APT42, an Iranian government-backed threat actor, and their target…”

T1598.003 Spearphishing Link · 47%
“the group’s infrastructure. Government-backed attacker warning Google Sites phishing: we took down multiple APT42-created Google Sites pages that masqueraded as a petition from the legitimate Jewish Agency for Israel calling on the Israeli government to enter into mediatio…”

T1111 Multi-Factor Authentication Interception · 40%
“attempts. For example, in some cases they have identified that an account is configured to use device prompts as an accepted second factor and added support for them in their GCollection phishing kit. APT42 then combines this approach with knowledge of the target’s current geog…”

T1566.002 Spearphishing Link · 34%
“/ YCollection: a sophisticated credential harvesting tool observed by TAG, capable of gathering credentials from Google, Hotmail and Yahoo users respectively. This kit has seen consistent development since it was first observed in use by APT42 in January 2023. The current versio…”

Summary

Google’s Threat Analysis Group shares insights on APT42, an Iranian government-backed threat actor.