The FBI issued a private industry notification (PIN) warning organizations about an Iranian cyber firm conducting malicious activity against them. The company, Emennet Pasargad, has rebranded repeatedly to evade sanctions imposed by the U.S. government. The alert also details the tactics, techniques, and procedures (TTPs) the group uses.

What’s going on?

Emennet posed as the radical right-wing organization Proud Boys during the 2020 U.S. presidential election. According to the FBI’s notice, the group has since expanded its operations, targeting multiple industry verticals and spreading hostile propaganda. The agency states that Emennet carried out conventional cyber exploitation against the news, travel, shipping, financial, telecoms, and oil and petrochemical sectors in the U.S., the Middle East, and Europe.

Modus operandi

  • The group used multiple VPNs to hide its location, along with commercial and open-source tools such as Acunetix, SQLmap, Wappalyzer, Shodan, wpscan, Netsparker, and Dnsdumpster.
  • It chose its targets by combing the web for major firms in various sectors.
  • The hackers then looked for exploitable vulnerabilities in the targets’ software.
  • In some cases, they tried to identify the targets’ hosting and shared hosting providers.
  • Emennet showed particular interest in web pages running PHP code, as well as in WordPress, Apache Tomcat, and Drupal.
  • The group has also tried to piggyback on past intrusions by other actors.
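The reconnaissance and scanning behaviour described above leaves traces in ordinary web server logs. The following is an added example written for this summary, not code from the FBI notice or from Cyware: it parses Apache/nginx combined-format log lines (a constructed sample is embedded), flags User-Agent strings carrying the default identifiers of the scanners the alert names (assumed defaults; an operator can change them, so a hit is a lead rather than proof), and escalates sources that repeatedly probe WordPress, Tomcat, Drupal, and PHP-specific paths (an assumed watch list).

```python
import re

# Combined log format parser (assumed format for the constructed sample below).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Substrings found in the default User-Agent of the scanners named in the alert
# (assumed defaults; easily changed by the operator, so treat a hit as a lead).
SCANNER_UA_MARKERS = ("sqlmap", "wpscan", "acunetix", "netsparker")

# Assumed watch list of paths tied to the stacks the alert says Emennet favours.
PROBE_PATHS = ("/wp-login.php", "/wp-admin", "/xmlrpc.php",   # WordPress
               "/manager/html",                                # Tomcat manager
               "/user/login",                                  # Drupal login
               "/phpinfo.php")                                 # PHP info leak

# Constructed sample access log (RFC 5737 documentation addresses, invented timestamps).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Feb/2022:10:01:02 +0000] "GET /index.php?id=1%27 HTTP/1.1" 500 512 "-" "sqlmap/1.5.12#stable (https://sqlmap.org)"',
    '203.0.113.5 - - [10/Feb/2022:10:01:03 +0000] "GET /wp-login.php HTTP/1.1" 200 2048 "-" "WPScan v3.8.22 (https://wpscan.com/wordpress-security-scanner)"',
    '198.51.100.7 - - [10/Feb/2022:10:02:10 +0000] "GET /manager/html HTTP/1.1" 404 300 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Feb/2022:10:02:11 +0000] "GET /user/login HTTP/1.1" 404 300 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Feb/2022:10:02:12 +0000] "GET /xmlrpc.php HTTP/1.1" 404 300 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [10/Feb/2022:10:03:00 +0000] "GET /about.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
]

def parse_line(line):
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def classify(entry):
    """Return the list of reasons a single request looks like scanner/recon traffic."""
    ua = entry["ua"].lower()
    reasons = [f"scanner-ua:{m}" for m in SCANNER_UA_MARKERS if m in ua]
    reasons += [f"probe-path:{p}" for p in PROBE_PATHS if entry["path"].lower().startswith(p)]
    return reasons

def triage(lines, probe_threshold=3):
    """Map source IP -> sorted reasons, keeping only sources worth an analyst's time."""
    hits, probe_counts = {}, {}
    for line in lines:
        e = parse_line(line)
        if not e:
            continue  # unparseable line: skip rather than crash the sweep
        reasons = classify(e)
        if any(r.startswith("probe-path") for r in reasons):
            probe_counts[e["ip"]] = probe_counts.get(e["ip"], 0) + 1
        if reasons:
            hits.setdefault(e["ip"], set()).update(reasons)
    # One stray probe is common background noise; escalate repeated probing or a scanner UA.
    return {ip: sorted(r) for ip, r in hits.items()
            if probe_counts.get(ip, 0) >= probe_threshold or any(x.startswith("scanner-ua") for x in r)}

if __name__ == "__main__":
    for ip, reasons in triage(SAMPLE_LOG).items():
        print(ip, reasons)
```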

Extra facts

  • In October 2021, the U.S. District Court for the Southern District of New York charged two Iranian nationals associated with Emennet with cyber fraud and intrusion, conspiracy, and interstate threats.
  • The Department of the Treasury’s Office of Foreign Assets Control designated Emennet, four members of the firm’s management, and two employees for their attempts to influence the election.
  • The hackers had previously run cyber-enabled information operations under a false flag, distributing propaganda via SMS.

The bottom line

The private industry notice offers a detailed historical review of Emennet Pasargad’s malicious activities. The FBI also provides recommendations for defending against the threat, including deploying reliable antivirus and anti-malware solutions and patching software vulnerabilities as early as possible.

Cyware Publisher