
Best Laid Plans: TA453 Targets Religious Figure with Fake Podcast Invite Delivering New BlackSmith Malware Toolset

| Category | Details |
| --- | --- |
| Threat Actors | Iranian threat actor TA453 (Charming Kitten), likely supporting Iranian government interests, specifically the IRGC Intelligence Organization (IRGC-IO). |
| Campaign Overview | Fake podcast invitation sent to a religious figure, leading to the delivery of BlackSmith malware, specifically the AnvilEcho PowerShell Trojan. Targeted intelligence gathering. |
| Target Regions (Victims) | High-profile targets, including a prominent Jewish figure and likely other political and diplomatic entities. |
| Methodology | Social engineering through multi-email phishing and fake podcast invitations. Use of ZIP archives, LNK files, and obfuscated PowerShell scripts to deliver malware. |
| Product Targeted | Intelligence gathering and exfiltration using PowerShell malware, mainly targeting political and diplomatic figures. |
| Malware Reference | BlackSmith malware toolkit (AnvilEcho PowerShell Trojan). Previous tools include GorjolEcho, PowerStar, and MischiefTut. |
| Tools Used | LNK files, PowerShell, ZIP archives, steganography (used in Beautifull.jpg), various DLL files (soshi.dll, toni.dll), C++ toolset for BlackSmith, and various network C2 servers. |
| Vulnerabilities Exploited | Malware uses multiple evasion techniques, such as bypassing SSL certificate validation, disabling antivirus detection, and obfuscating execution paths. |
| TTPs | Phishing with fake invitations, PowerShell scripting for remote access, use of encrypted C2 channels, and exfiltration via FTP/Dropbox. |
| Attribution | TA453 is assessed to operate in support of the IRGC-IO, with links to other Iranian-aligned threat groups (e.g., APT42). |
| Recommendations | Enhanced phishing detection, network monitoring for unusual traffic, and blocking known C2 domains. |
| Source | Proofpoint analysis of the malware and campaign, with references to various external sources confirming TA453’s activities. |

Read full article: https://www.proofpoint.com/us/blog/threat-insight/best-laid-plans-ta453-targets-religious-figure-fake-podcast-invite-delivering

The above summary has been generated by an AI language model
