Iran hacking group impersonates defense firms, hostage campaigners | CyberScoop<\/title> <meta name=\"description\" content=\"A hacking campaign linked to the Islamic Revolutionary Guard Corps is targeting firms in the defense sector with a pair of new backdoors.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/iran-hostages-boeing-dji\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Iran hacking group impersonates defense firms, hostage campaigners\"> <meta property=\"og:description\" content=\"A hacking campaign linked to the Islamic Revolutionary Guard Corps is targeting firms in the defense sector with a pair of new backdoors.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/iran-hostages-boeing-dji\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2024-02-28T02:00:00+00:00\"> <meta property=\"article:modified_time\" content=\"2024-02-27T20:07:31+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/iran-hacking-group-impersonates-defense-firms-hostage-campaigners-5.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1280\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"AJ Vicens\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@AJVicens\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1706643139g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/_static\/??\/wp-content\/mu-plugins\/search\/elasticpress-next\/dist\/css\/related-posts-block-styles.min.css,\/wp-content\/plugins\/embedpress\/Gutenberg\/dist\/blocks.style.build.css?m=1708982929\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/_static\/??\/wp-content\/plugins\/embedpress\/assets\/css\/embedpress.css,\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1708982930\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=17ca7a1ec36db7d13744\" media=\"all\">\n<link rel=\"stylesheet\" id=\"all-css-10\" href=\"https:\/\/cyberscoop.com\/_static\/??\/wp-includes\/css\/dashicons.min.css,\/wp-content\/plugins\/embedpress\/assets\/css\/plyr.css?m=1708982929\" type=\"text\/css\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/79475\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.4.3\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=79475\">\n<link rel=\"alternate\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Firan-hostages-boeing-dji%2F\">\n<link rel=\"alternate\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Firan-hostages-boeing-dji%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-79475 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/iran-hostages-boeing-dji\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.568541300527\">\n<div class=\"single-article__header-content\" readability=\"30.327935222672\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/news\/geopolitics\/\"> <span>Geopolitics<\/span> <\/a> <\/li>\n<\/ul>\n<p> A hacking campaign linked to the Islamic Revolutionary Guard Corps is targeting firms in the defense sector with a pair of new backdoors. <\/p>\n<\/p><\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/iran-hacking-group-impersonates-defense-firms-hostage-campaigners.jpg?resize=640%2C426&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/iran-hacking-group-impersonates-defense-firms-hostage-campaigners-5.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/iran-hacking-group-impersonates-defense-firms-hostage-campaigners-5.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/iran-hacking-group-impersonates-defense-firms-hostage-campaigners-5.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/iran-hacking-group-impersonates-defense-firms-hostage-campaigners-5.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/iran-hacking-group-impersonates-defense-firms-hostage-campaigners-5.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/iran-hacking-group-impersonates-defense-firms-hostage-campaigners-5.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/iran-hacking-group-impersonates-defense-firms-hostage-campaigners-5.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/iran-hacking-group-impersonates-defense-firms-hostage-campaigners-5.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/iran-hacking-group-impersonates-defense-firms-hostage-campaigners-5.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/iran-hacking-group-impersonates-defense-firms-hostage-campaigners-5.jpg?resize=1265,843 1265w\" sizes=\"(max-width: 1013px) 100vw, 1013px\"><figcaption> A picture taken from the plain of Khiam shows a man waving an Iranian flag as smoke rises from burning dry grass, following skirmishes between Lebanese youths and Israeli soldiers, at a rally to mark the 23rd anniversary of Israel’s withdrawal from Lebanon, on May 25, 2023. (Photo by MAHMOUD ZAYYAT\/AFP via Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"20.897309062129\"><body readability=\"42.728270412643\"><\/p>\n<p>An Iranian-sponsored cyberespionage unit is impersonating major brands like Boeing and the Chinese drone manufacturer DJI as part of a social engineering and phishing campaign targeting the aerospace, aviation and defense industries across the Middle East, <a href=\"https:\/\/www.mandiant.com\/resources\/blog\/suspected-iranian-unc1549-targets-israel-middle-east\">researchers with Mandiant said late Tuesday<\/a>.<\/p>\n<p>The Iranian hacking group has also been observed employing a fake website playing on the Israel-Hamas war, using the \u201cBring Them Home Now!\u201d slogan associated with a campaign to free hostages held by Hamas. The website is the latest example of the way in which Iranian hacking groups are using the conflict between Israel and Hamas to carry out opportunistic attacks linked to the fighting.<\/p>\n<p>The Iranian campaign relies on phony job offers from major international companies and the fake hostage-themed website to funnel targets to compromised websites designed to either harvest credentials or deliver one of two previously unreported and unique backdoors dubbed \u201cMINIBUS\u201d and \u201cMINIBIKE,\u201d the researchers said.<\/p>\n<figure class=\"wp-block-image size-large\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/iran-hacking-group-impersonates-defense-firms-hostage-campaigners.png?w=640&ssl=1\" alt class=\"wp-image-79481\"><figcaption class=\"wp-element-caption\">Fake website deployed by Iranian-sponsored cyberespionage group (Mandiant).<\/figcaption><\/figure>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The current campaign dates to at least June 2022 and remains active. It has mostly targeted Israel, the United Arab Emirates and, potentially Turkey, India and Albania, the researchers said.<\/p>\n<p>The unit behind the campaign is tracked as UNC1549 by Mandiant and the infrastructure described by Mandiant overlaps with the hacking groups dubbed <a href=\"https:\/\/cyberscoop.com\/tag\/tortoiseshell\/\">Tortoiseshell<\/a> and <a href=\"https:\/\/www.crowdstrike.com\/adversaries\/imperial-kitten\/\">Imperial Kitten.<\/a> The unit is likely linked to the Islamic Revolutionary Guard Corps and has a history of using fake job offers and similar lures in social engineering campaigns going back years.<\/p>\n<p>In July 2021, for instance, <a href=\"https:\/\/cyberscoop.com\/facebook-tortoiseshell-iran-military\/\">Facebook announced<\/a> the disruption of one of the group\u2019s campaigns that used accounts on the social media platform to pose as recruiters to target U.S. military members. An <a href=\"https:\/\/www.pwc.com\/gx\/en\/issues\/cybersecurity\/cyber-threat-intelligence\/yellow-liderc-ships-its-scripts-delivers-imaploader-malware.html#\">October 2023 PwC analysis<\/a> noted that the group is known to employ both custom and off-the-shelf malware to achieve its espionage goals, which includes credential harvesting and data exfiltration.<\/p>\n<p>The current campaign uses Microsoft Azure cloud infrastructure for command and control and hosting functions, \u201cmaking it difficult to discern the activity from legitimate network traffic,\u201d the researchers said. <\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"1.1068548387097\">\n<div class=\"author-card\" readability=\"8\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/iran-hacking-group-impersonates-defense-firms-hostage-campaigners-1.jpg?w=640&ssl=1\" alt=\"AJ Vicens\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by AJ Vicens<\/h4>\n<p> AJ covers nation-state threats and cybercrime. He was previously a reporter at Mother Jones. Get in touch via Signal\/WhatsApp: (810-206-9411). <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<div class=\"popular-stories__stories\">\n<div class=\"popular-stories__cards\">\n<article class=\"post-item post-item--popular-stories-cards \" readability=\"21.607142857143\">\n<figure class=\"post-item__thumbnail\"> <a class=\"post-item__thumbnail-link\" href=\"https:\/\/cyberscoop.com\/google-iranian-regional-hacking-operations-that-target-israel-remain-opportunistic-but-focused\/\" tabindex=\"-1\"> <img data-recalc-dims=\"1\" loading=\"lazy\" width=\"506\" height=\"337\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/iran-hacking-group-impersonates-defense-firms-hostage-campaigners-2.jpg?resize=506%2C337&ssl=1\" class=\"attachment-ratio-16-9-md size-ratio-16-9-md wp-post-image\" alt decoding=\"async\" loading=\"lazy\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/iran-hacking-group-impersonates-defense-firms-hostage-campaigners-6.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/iran-hacking-group-impersonates-defense-firms-hostage-campaigners-6.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/iran-hacking-group-impersonates-defense-firms-hostage-campaigners-6.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/iran-hacking-group-impersonates-defense-firms-hostage-campaigners-6.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/iran-hacking-group-impersonates-defense-firms-hostage-campaigners-6.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/iran-hacking-group-impersonates-defense-firms-hostage-campaigners-6.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/iran-hacking-group-impersonates-defense-firms-hostage-campaigners-6.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/iran-hacking-group-impersonates-defense-firms-hostage-campaigners-6.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/iran-hacking-group-impersonates-defense-firms-hostage-campaigners-6.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/iran-hacking-group-impersonates-defense-firms-hostage-campaigners-6.jpg?resize=1265,843 1265w\" sizes=\"auto, (max-width: 506px) 100vw, 506px\"> <\/a><figcaption class=\"screen-reader-text\"> This picture taken from Rafah shows smoke billowing following Israeli bombardments over Khan Yunis in the southern Gaza Strip on February 13, 2024, amid the ongoing conflict between Israel and the Palestinian Hamas militant group. (Photo by SAID KHATIB \/ AFP) <\/figcaption><\/figure>\n<header class=\"post-item__meta\" readability=\"2.7173913043478\">\n<h3 class=\"post-item__title\"> <a class=\"post-item__title-link\" href=\"https:\/\/cyberscoop.com\/google-iranian-regional-hacking-operations-that-target-israel-remain-opportunistic-but-focused\/\"> Google: Iranian, regional hacking operations that target Israel remain opportunistic but focused <\/a> <\/h3>\n<p> Objectives from the hacking groups include espionage, information operations or destructive activities, researchers say. <\/p>\n<div class=\"post-item__byline\"> <span class=\"post-item__author\"> <span>By <\/span> <a class=\"post-item__author-link\" href=\"https:\/\/cyberscoop.com\/author\/aj-vicens\/\"> AJ Vicens <\/a> <\/span> <\/div>\n<p> <\/header>\n<p> <\/article>\n<article class=\"post-item post-item--popular-stories-cards \">\n<figure class=\"post-item__thumbnail\"> <a class=\"post-item__thumbnail-link\" href=\"https:\/\/cyberscoop.com\/microsoft-iran-is-refining-its-cyber-operations\/\" tabindex=\"-1\"> <img data-recalc-dims=\"1\" loading=\"lazy\" width=\"264\" height=\"168\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/iran-hacking-group-impersonates-defense-firms-hostage-campaigners-3.jpg?resize=264%2C168&ssl=1\" class=\"attachment-ratio-16-9-sm size-ratio-16-9-sm wp-post-image\" alt decoding=\"async\" loading=\"lazy\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/iran-hacking-group-impersonates-defense-firms-hostage-campaigners-7.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/iran-hacking-group-impersonates-defense-firms-hostage-campaigners-7.jpg?resize=300,191 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/iran-hacking-group-impersonates-defense-firms-hostage-campaigners-7.jpg?resize=768,489 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/iran-hacking-group-impersonates-defense-firms-hostage-campaigners-7.jpg?resize=1024,652 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/iran-hacking-group-impersonates-defense-firms-hostage-campaigners-7.jpg?resize=1536,978 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/iran-hacking-group-impersonates-defense-firms-hostage-campaigners-7.jpg?resize=600,382 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/iran-hacking-group-impersonates-defense-firms-hostage-campaigners-7.jpg?resize=264,168 264w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/iran-hacking-group-impersonates-defense-firms-hostage-campaigners-7.jpg?resize=529,337 529w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/iran-hacking-group-impersonates-defense-firms-hostage-campaigners-7.jpg?resize=1060,675 1060w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/iran-hacking-group-impersonates-defense-firms-hostage-campaigners-7.jpg?resize=1323,843 1323w\" sizes=\"auto, (max-width: 264px) 100vw, 264px\"> <\/a><figcaption class=\"screen-reader-text\"> An Iranian flag waves in a wind outside the Vienna International Centre hosting the United Nations (UN) headquarters and the International Atomic Energy Agency (IAEA) as the socalled EU 5+1 talks with Iran take place in Vienna, on July 3, 2014. (Photo by JOE KLAMAR\/AFP via Getty Images) <\/figcaption><\/figure>\n<header class=\"post-item__meta\">\n<h3 class=\"post-item__title\"> <a class=\"post-item__title-link\" href=\"https:\/\/cyberscoop.com\/microsoft-iran-is-refining-its-cyber-operations\/\"> Microsoft: Iran is refining its cyber operations <\/a> <\/h3>\n<div class=\"post-item__byline\"> <span class=\"post-item__author\"> <span>By <\/span> <a class=\"post-item__author-link\" href=\"https:\/\/cyberscoop.com\/author\/aj-vicens\/\"> AJ Vicens <\/a> <\/span> <\/div>\n<p> <\/header>\n<p> <\/article>\n<article class=\"post-item post-item--popular-stories-cards \">\n<figure class=\"post-item__thumbnail\"> <a class=\"post-item__thumbnail-link\" href=\"https:\/\/cyberscoop.com\/u-s-government-sanctions-iranian-officials-over-pennsylvania-water-facility-hack\/\" tabindex=\"-1\"> <img data-recalc-dims=\"1\" loading=\"lazy\" width=\"252\" height=\"168\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/iran-hacking-group-impersonates-defense-firms-hostage-campaigners-4.jpg?resize=252%2C168&ssl=1\" class=\"attachment-ratio-16-9-sm size-ratio-16-9-sm wp-post-image\" alt decoding=\"async\" loading=\"lazy\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/iran-hacking-group-impersonates-defense-firms-hostage-campaigners-8.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/iran-hacking-group-impersonates-defense-firms-hostage-campaigners-8.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/iran-hacking-group-impersonates-defense-firms-hostage-campaigners-8.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/iran-hacking-group-impersonates-defense-firms-hostage-campaigners-8.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/iran-hacking-group-impersonates-defense-firms-hostage-campaigners-8.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/iran-hacking-group-impersonates-defense-firms-hostage-campaigners-8.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/iran-hacking-group-impersonates-defense-firms-hostage-campaigners-8.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/iran-hacking-group-impersonates-defense-firms-hostage-campaigners-8.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/iran-hacking-group-impersonates-defense-firms-hostage-campaigners-8.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/iran-hacking-group-impersonates-defense-firms-hostage-campaigners-8.jpg?resize=1265,843 1265w\" sizes=\"auto, (max-width: 252px) 100vw, 252px\"> <\/a><figcaption class=\"screen-reader-text\"> The US Treasury building in Washington, DC, on October 4, 2022. (Photo by STEFANI REYNOLDS\/AFP via Getty Images) <\/figcaption><\/figure>\n<header class=\"post-item__meta\">\n<h3 class=\"post-item__title\"> <a class=\"post-item__title-link\" href=\"https:\/\/cyberscoop.com\/u-s-government-sanctions-iranian-officials-over-pennsylvania-water-facility-hack\/\"> U.S. government sanctions Iranian officials over Pennsylvania water facility hack <\/a> <\/h3>\n<div class=\"post-item__byline\"> <span class=\"post-item__author\"> <span>By <\/span> <a class=\"post-item__author-link\" href=\"https:\/\/cyberscoop.com\/author\/aj-vicens\/\"> AJ Vicens <\/a> <\/span> <\/div>\n<p> <\/header>\n<p> <\/article>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Geopolitics<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/iran-hostages-boeing-dji\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Iran hacking group impersonates defense firms, hostage campaigners | CyberScoop<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[302,117,1188,1593,513,1240,288,1594,1595],"tags":[306,119,1189,1596,517,1242,294,1597,1598],"class_list":["post-2618","post","type-post","status-publish","format-standard","hentry","category-geopolitics","category-government","category-hamas-israel-cyber-ops","category-imperial-kitten","category-iran","category-irgc","category-threats","category-tortoiseshell","category-unc1549","tag-geopolitics","tag-government","tag-hamas-israel-cyber-ops","tag-imperial-kitten","tag-iran","tag-irgc","tag-threats","tag-tortoiseshell","tag-unc1549"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/geopolitics\/\" rel=\"category tag\">Geopolitics<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/government\/\" rel=\"category tag\">Government<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/hamas-israel-cyber-ops\/\" rel=\"category tag\">Hamas-Israel cyber ops<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/imperial-kitten\/\" rel=\"category tag\">Imperial Kitten<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/iran\/\" rel=\"category tag\">Iran<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/irgc\/\" rel=\"category tag\">IRGC<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/tortoiseshell\/\" rel=\"category tag\">Tortoiseshell<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/unc1549\/\" rel=\"category tag\">UNC1549<\/a>","tag_info":"UNC1549","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/2618","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=2618"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/2618\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=2618"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=2618"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=2618"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":2618,"date":"2024-02-28T02:00:00","date_gmt":"2024-02-28T02:00:00","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=79475"},"modified":"2024-02-28T02:00:00","modified_gmt":"2024-02-28T02:00:00","slug":"iran-hacking-group-impersonates-defense-firms-hostage-campaigners","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/02\/28\/iran-hacking-group-impersonates-defense-firms-hostage-campaigners\/","title":{"rendered":"Iran hacking group impersonates defense firms, hostage campaigners"},"content":{"rendered":"