Cyber actors working on behalf of the Iranian Government's Islamic Revolutionary Guard Corps (IRGC) have been observed attempting to gain access to victims' personal and business accounts using social engineering techniques, often impersonating professional contacts on email or messaging platforms.

In addition, these actors might attempt to impersonate known email service providers to solicit sensitive user security information on email or messaging platforms. The targets usually have some nexus to Iranian and Middle Eastern affairs, such as current or former senior government officials, senior think tank personnel, journalists, activists, and lobbyists.

More recently, these actors have been observed targeting persons associated with US political campaigns.
Accounts created using the following malicious domains, or messages containing links to these domains, should be reviewed for authenticity.
The domains listed below are historical infrastructure associated with cyber actors working on behalf of the IRGC. This data is being provided for informational purposes, to facilitate the identification of past cyber incidents, and to enable better tracking and attribution of these cyber actors. We do not recommend blocking the following domains based solely on their inclusion in this advisory.
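The advisory asks that messages containing links to listed domains, and accounts created on them, be reviewed rather than blocked outright. The following added example (not part of the advisory) shows how a defender can load a watchlist written in the advisory's defanged `[.]` notation, refang it, and flag a message's sender domain and embedded links that equal or fall under a listed domain, while leaving unrelated hosts that merely share a hosting suffix alone. The watchlist entries, sender address and message body are constructed placeholders, not the advisory's indicators.

```python
import re
from typing import Optional
from urllib.parse import urlparse

# Constructed, defanged watchlist in the advisory's "[.]" notation (placeholder domains).
WATCHLIST_DEFANGED = """
example-mailer-daemon[.]test
example-files[.]000webhostapp[.]test
"""

# Constructed sample message: sender on a listed domain, one link under a listed
# domain, one benign link, and one host that only shares the 000webhostapp suffix.
SAMPLE_SENDER = "support@Example-Mailer-Daemon.test"
SAMPLE_BODY = (
    "Your mailbox is full. Restore access at "
    "https://login.example-files.000webhostapp.test/reset?id=42 "
    "Docs: https://docs.python.org/3/ "
    "Unrelated: https://notexample-files.000webhostapp.test/page"
)

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def refang(indicator: str) -> str:
    """Turn a defanged indicator ("a[.]b") back into a matchable hostname."""
    return indicator.strip().lower().replace("[.]", ".").replace("[dot]", ".").rstrip(".")


def load_watchlist(text: str) -> set:
    return {refang(line) for line in text.splitlines() if line.strip()}


def host_matches(host: str, watchlist: set) -> Optional[str]:
    """Return the listed domain that `host` equals or is a subdomain of, else None."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):          # walk up the label chain: a.b.c, b.c, c
        candidate = ".".join(labels[i:])
        if candidate in watchlist:
            return candidate
    return None


def review_message(sender: str, body: str, watchlist: set) -> list:
    """Return review findings for the sender domain and every link in the body."""
    findings = []
    sender_host = sender.rsplit("@", 1)[-1]
    hit = host_matches(sender_host, watchlist)
    if hit:
        findings.append({"where": "sender", "host": sender_host.lower(), "listed": hit})
    for url in URL_RE.findall(body):
        host = urlparse(url).hostname or ""
        hit = host_matches(host, watchlist)
        if hit:
            findings.append({"where": "link", "host": host, "listed": hit})
    return findings
```

Findings are review prompts, matching the advisory's guidance that inclusion alone is not grounds for blocking.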