Iranian hackers ramp up digital attacks on US political campaigns

Elections are coming up, and threat actors are ramping up efforts to manipulate voters and attack political campaigns. Cybersecurity researchers have discovered new network infrastructure set up by Iranian hackers, aimed at targeting U.S. political campaigns. They use phishing emails and links to trick users into installing malicious software, often pretending to be cloud services.

GET SECURITY ALERTS, EXPERT TIPS – SIGN UP FOR KURT’S NEWSLETTER – THE CYBERGUY REPORT HERE

What you need to know

The infrastructure has been discovered by Recorded Future’s Insikt Group, which has been tracking it since June 2024. The cybersecurity company has linked the infrastructure to GreenCharlie, an Iran-nexus cyberthreat group with connections to Mint Sandstorm, Charming Kitten, and APT42.

“GreenCharlie’s phishing operations are highly targeted, often employing social engineering techniques that exploit current events and political tensions,” Recorded Future said.

The hackers have set up their systems very carefully, using specific services to create websites for phishing attacks. These fake websites often look like they belong to cloud services, file-sharing platforms or document-viewing tools to trick people into sharing personal information or downloading harmful files.

Some examples of these fake website names include “cloud,” “uptimezone,” “doceditor,” “joincloud” and “pageviewer.” Most of these sites were registered with the .info domain, which is a change from the other domains like .xyz, .icu and .online that hackers used in the past.

Illustration of a hacker at work (Kurt “CyberGuy” Knutsson)

DON’T FALL PREY TO THIS ELECTION SEASON’S CRAFTIEST SCAMS

It’s not their first rodeo

The threat actors are known for launching highly targeted phishing attacks, where they use sophisticated social engineering tricks to infect users with malware. Some of the malware they use includes POWERSTAR (also known as CharmPower and GorjolEcho) and GORBLE, which was recently identified by Google’s Mandiant as being used in attacks against Israel and the U.S.

“Iran and its associated cyber-espionage actors have consistently demonstrated both the intent and capability to engage in influence and interference operations targeting U.S. elections and domestic information spaces. These campaigns are likely to continue utilizing hack-and-leak tactics aimed at undermining or supporting political candidates, influencing voter behavior, and fostering discord,” the cybersecurity company said.

Illustration of a hacker at work (Kurt “CyberGuy” Knutsson)

HACKED, SCAMMED, EXPOSED: WHY YOU’RE 1 STEP AWAY FROM DISASTER ONLINE

Phishing attacks are more advanced than ever

A phishing email or message is often the start of a cyberattack. Hackers send you a link that is designed to look legitimate, but it’s not. Instead, it delivers malware to your computer, giving hackers access to your system and allowing them to steal your money and data. You can’t blame yourself if you don’t recognize a phishing link.

Earlier this month, I reported on malware called “Voldemort,” which tricks people into clicking malicious links by pretending to be a government agency. This highlights how clever these scammers are in using deceptive techniques to infect your devices.

The best way to protect yourself from clicking malicious links that install malware that may get access to your private information is to have antivirus protection installed on all your devices. This can also alert you of any phishing emails or ransomware scams. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android and iOS devices.

4 additional ways to protect yourself from phishing attacks

To protect yourself from phishing attacks that use fake cloud services and other deceptive tactics, here are some specific steps you can take.

1) Verify website URLs: Always check the URL of a website before entering any sensitive information. Look for signs of a secure connection, such as “https://” and a padlock symbol in the browser’s address bar. Be cautious of slight misspellings or unusual domain extensions like .info.

2) Invest in data removal services: Hackers target you based on your publicly available information. That could be anything from your leaked info through a data breach to the information you provided to an e-commerce shop. Check out my top picks for data removal services here.

3) Keep software and systems updated: Regularly updating your operating system, browsers and security software is crucial to protect against vulnerabilities that hackers could exploit. Updates often include security patches, bug fixes and performance improvements. Enable automatic updates to ensure you don’t miss important patches. Manually check for updates if automatic options aren’t available. Staying current helps maintain device security and functionality.

4) Use strong, unique passwords: Employ strong, unique passwords for each account to prevent unauthorized access. Create passwords with a mix of letters, numbers and symbols, and avoid using the same password for multiple accounts. Consider using a password manager to securely store and generate complex passwords. It will help you to create unique and difficult-to-crack passwords that a hacker could never guess. Get more details about my best expert-reviewed Password Managers of 2024 here.

3 MOST DANGEROUS TECH THREATS TO 2024 ELECTIONS

Kurt’s key takeaway

U.S. elections not only matter to Americans but also to the rest of the world, which is one reason foreign adversaries are attempting to manipulate the campaigns. Hackers are working hard to infect people’s devices to conduct espionage, spread misinformation and cause financial losses. The best thing you can do is stay alert, avoid clicking any links you don’t trust and invest in antivirus software. Hackers are changing their methods, so it’s important to take advantage of the available tools to protect yourself.

Do you verify the authenticity of a website or email before clicking on links or providing personal information? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you’d like us to cover.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2024 CyberGuy.com. All rights reserved.