An Iranian threat actor, Aria Sepehr Ayandehsazan aka Emennet Pasargad, was involved in numerous operations in 2024, including one against the Summer Olympics in which they tried to compromise a French commercial dynamic display provider.
While many threat actors get in the news by using ransomware and stealing information from compromised infrastructure, not all groups are the same. Their interests will differ depending on who's funding them or guiding them from the shadows.
The Federal Bureau of Investigation (FBI), U.S. Department of Treasury, and Israel National Cyber Directorate released a comprehensive report about an Iranian group named Aria Sepehr Ayandehsazan, or Emennet Pasargad, which had some interesting targets and used innovative tactics.
For example, one of their focuses was harvesting content from IP cameras, and they used online resources related to Artificial Intelligence.
"Recently released reporting from Microsoft indicates this group has demonstrated interest in election-related websites and media outlets, suggesting preparations for future influence operations," the report underlines.
Moreover, in 2024, the actors used "VPS-agent" infrastructure to compromise a French commercial dynamic display provider. Their goal was to display photo montages denouncing the participation of Israeli athletes in the 2024 Olympic and Paralympic Games.
Needless to say, the attack didn't work, but if it had, it would have been accompanied by a fake news article on a French collaborative media website.
Furthermore, the same group has been trying to enumerate and obtain content from IP cameras in Israel, including hours after the October 7, 2023, HAMAS attack.
According to the FBI, the Iranian group's tactics, techniques, and procedures have been evolving over the past few years, and they're looking to add generative Artificial Intelligence (an AI-generated news anchor) to their messaging efforts.
The advisory details the MITRE ATT&CK tactics and techniques employed by the group, along with all relevant indicators of compromise.
Silviu is a seasoned writer who followed the technology world for almost two decades, covering topics ranging from software to hardware and everything in between.