Active since at least 2011, the adversary is also tracked as Ajax Security Team, APT35, ITG18, NewsBeef, Newscaster, and Phosphorus, and was previously observed targeting a U.S. presidential candidate, media organizations, government officials, and prominent expatriate Iranians, using an updated spear phishing technique.
In July, only a couple of months after Google revealed that the Iranian hackers targeted the WHO, the threat actor accidentally leaked 40Gb of data. In early 2020, the hackers were observed posing as journalists in a phishing campaign that targeted at least five individuals around the world.
