Cybersecurity firm Mandiant has released information regarding what is believed to be a new Iranian state-sponsored hacking group referred to as APT42. The group is allegedly using a custom Android malware to spy on targets that fit its interests. Mandiant has reportedly collecting enough evidence to prove that the group is separate from other previously identified groups. APT42 is a state-sponsored threat actor who conducts cyberespionage against individuals and organizations that hold a particular interest to the Iranian government, Mandiant says.
APT42’s activity spans back several years and includes spear-phishing campaigns that lasted several months and targeted government officials, policymakers, journalists, academics, and Iranian dissidents. The hackers aim to steal account credentials, access device storage, extract communication data, and track victims, according to Mandiant. The custom Android malware strain it deploys is capable of all of these malicious activities. The group has reportedly conducted 30 operations in 14 countries since 2015.
Read More: New Iranian hacking group APT42 deploys custom Android spyware
