
Iranian Hackers Exploit 100+ Embassy Email Accounts in Global Phishing Targeting Diplomats

An Iran-nexus group has been linked to a coordinated and multi-wave spear-phishing campaign targeting embassies and consulates in Europe and other regions across the world.

The attack chains use spear-phishing emails themed around geopolitical tensions between Iran and Israel to deliver a malicious Microsoft Word document that, when opened, urges recipients to “Enable Content” so that an embedded Visual Basic for Applications (VBA) macro executes and deploys the malware payload.

The digital missives were sent from 104 unique compromised addresses belonging to officials and pseudo-government entities to give them an extra layer of credibility. At least some of the emails originated from a hacked mailbox belonging to the Oman Ministry of Foreign Affairs in Paris (*@fm.gov[.]om).


This post is licensed under CC BY 4.0 by the author.