© 2023 CyberNews - Latest tech news,
product reviews, and analyses.

Microsoft and Google email accounts targeted by Iran threat actor, says analyst

A cybercriminal outfit allegedly backed by the Islamist state has been observed using a new tool to steal data from Microsoft, Gmail, and Yahoo! accounts, says a cybersecurity watchdog.

The Threat Analysis Group (TAG) has been tracking the deceptively named Charming Kitten – a cyber gang it believes to be on the payroll of Iran – for some years, and recently observed the cat flexing a new set of claws, namely a data-stealing tool named Hyperscrape.

“The attacker runs Hyperscrape on their own machine to download victims’ inboxes using previously acquired credentials,” said TAG, adding that it had seen the program used to steal data from around 20 email accounts in Iran hosted by Microsoft, Google, and Yahoo!

“Hyperscrape requires the victim’s account credentials to run using a valid, authenticated user session the attacker has hijacked, or credentials the attacker has already acquired,” it added. “It spoofs the user agent to look like an outdated browser, which enables the basic HTML view in Gmail.”

Once logged in, the tool changes the account’s language settings to English before individually downloading messages as .eml files and marking them as unread.

“After the program has finished downloading the inbox, it reverts the language back to its original settings and deletes any security emails from Google,” said TAG.
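Because the tool logs in with valid credentials, the login alone looks legitimate; a defender has to correlate the behaviours TAG describes instead. The Python sketch below is an added example, not code from TAG or Cybernews, and it scores mailbox sessions against that sequence. The event schema, field names, sample events and thresholds are all assumptions constructed for illustration.

```python
from collections import defaultdict
# Constructed sample events in a hypothetical mailbox audit schema (not a real provider format).
SAMPLE_EVENTS = [
    {"session": "s1", "action": "login", "legacy_ua": True},
    {"session": "s1", "action": "set_language", "old": "fa", "new": "en"},
    {"session": "s1", "action": "download", "msg": "m1"},
    {"session": "s1", "action": "mark_unread", "msg": "m1"},
    {"session": "s1", "action": "download", "msg": "m2"},
    {"session": "s1", "action": "mark_unread", "msg": "m2"},
    {"session": "s1", "action": "set_language", "old": "en", "new": "fa"},
    {"session": "s1", "action": "delete", "msg": "m9", "security_alert": True},
    {"session": "s2", "action": "login", "legacy_ua": True},  # benign: old browser, one read
    {"session": "s2", "action": "download", "msg": "m3"},
]

def indicators(events):
    """Return the set of article-described behaviours seen in one session's ordered events."""
    found, original_lang, downloaded, pairs = set(), None, set(), 0
    for e in events:
        a = e["action"]
        if a == "login" and e.get("legacy_ua"):
            found.add("legacy_user_agent")
        elif a == "set_language":
            if e["new"] == "en" and e["old"] != "en" and original_lang is None:
                original_lang = e["old"]  # remember what a later revert must restore
                found.add("language_to_english")
            elif original_lang is not None and e["new"] == original_lang:
                found.add("language_reverted")
        elif a == "download":
            downloaded.add(e["msg"])
        elif a == "mark_unread" and e["msg"] in downloaded:
            pairs += 1  # message fetched, then its read state was reset
        elif a == "delete" and e.get("security_alert"):
            found.add("security_alert_deleted")
    if pairs >= 2:  # assumption: two or more download-then-unread pairs count as bulk
        found.add("download_then_mark_unread")
    return found

def flag_sessions(events, threshold=3):
    """Group events by session; return {session: sorted indicators} at or above threshold."""
    by_session = defaultdict(list)
    for e in events:
        by_session[e["session"]].append(e)
    hits = {s: indicators(ev) for s, ev in by_session.items()}
    return {s: sorted(i) for s, i in hits.items() if len(i) >= threshold}

if __name__ == "__main__":
    print(flag_sessions(SAMPLE_EVENTS))
```

A single indicator, such as an old browser, is common in benign traffic, which is why the sketch only flags sessions where several of the described behaviours coincide.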

Though it first observed Hyperscrape being used by Charming Kitten in December, TAG believes the earliest instance dates back to 2020, and that the tool is still under development.

Adding that it has notified the victims and taken action to resecure their accounts, TAG said the latest incident was an example of Charming Kitten’s persistence.

“Hyperscrape demonstrates Charming Kitten’s commitment to developing and maintaining purpose-built capabilities,” it said. “Like much of their tooling, Hyperscrape is not notable for its technical sophistication, but rather its effectiveness in accomplishing Charming Kitten’s objectives.”
