The UNK_SmudgedSerpent campaign, active from June to August 2025, marks a shift in state-sponsored cyber-espionage tradecraft. The attackers rely on social engineering, impersonating well-known figures and drawing targets into legitimate-looking collaboration requests that lead them to take harmful actions. Researchers note that overlaps with known Iranian hacking groups complicate attribution and underline the maturity of Iranian cyber operations. The techniques include abuse of legitimate Remote Monitoring and Management (RMM) tools, which improves the attackers' operational security by blending in with normal IT activity.
The multi-stage operation begins with credential harvesting through spoofed Microsoft 365 login pages and, where the initial phishing attempts failed, moves to a refined lure that gets the target to run a seemingly benign file. Deploying legitimate software such as PDQ Connect gives the attackers long-term access and lets them carry out reconnaissance on compromised systems. The campaign shows how state-sponsored actors adapt their methods to stay undetected, and it raises concern about the sophistication of threats aimed at sensitive sectors such as academia and foreign policy.
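Because the campaign hides behind legitimate RMM software, the practical defensive question is whether an RMM agent appearing on a workstation is one the organisation actually sanctioned. The script below is an added illustration written for this page, not code from the researchers or the article: it parses constructed installer and process-creation events in a key="value" export format (the field names, the hostnames and accounts, the approved-tool list and the RMM product-name patterns are all assumptions) and flags any RMM agent install that is not on the approved list.

```python
"""Flag Remote Monitoring and Management (RMM) agent installs that are not on
an organisation's approved list.

Added example for this page, not part of the original report or article.
All sample events are constructed; the RMM_MARKERS patterns and APPROVED_RMM
set are assumptions to be replaced with an organisation's own inventory.
"""
import re
from dataclasses import dataclass

# Substrings that identify RMM agents in an MSI product name or an executable
# path (lower-cased comparison). Illustrative list, an assumption.
RMM_MARKERS = {
    "pdq connect": "PDQ Connect",
    "isl online": "ISL Online",
    "islonline": "ISL Online",
    "anydesk": "AnyDesk",
    "screenconnect": "ConnectWise ScreenConnect",
}

# The RMM product the (hypothetical) IT team actually uses.
APPROVED_RMM = {"ConnectWise ScreenConnect"}

# Constructed sample events, not real telemetry. 11707 = MsiInstaller
# "installation completed"; Sysmon event 1 = process creation.
SAMPLE_EVENTS = [
    'event_id="11707" source="MsiInstaller" host="WS-POLICY-07" user="CONTOSO\\jdoe" product="PDQ Connect Agent"',
    'event_id="11707" source="MsiInstaller" host="WS-FIN-02" user="CONTOSO\\svc_install" product="ConnectWise ScreenConnect Client"',
    'event_id="11707" source="MsiInstaller" host="WS-POLICY-07" user="CONTOSO\\jdoe" product="7-Zip 23.01 (x64 edition)"',
    'event_id="1" source="Sysmon" host="WS-RESEARCH-11" user="CONTOSO\\asmith" image="C:\\Users\\asmith\\AppData\\Local\\Temp\\ISLOnlineStart.exe"',
    'event_id="1" source="Sysmon" host="WS-RESEARCH-11" user="CONTOSO\\asmith" image="C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE"',
]

KV_RE = re.compile(r'(\w+)="([^"]*)"')


@dataclass
class Finding:
    host: str
    user: str
    product: str
    evidence: str  # the product name or image path that matched


def parse_event(line):
    """Turn one key="value" record into a dict."""
    return {k: v for k, v in KV_RE.findall(line)}


def classify_rmm(text):
    """Return the RMM product name matched by `text`, or None."""
    lowered = text.lower()
    for marker, name in RMM_MARKERS.items():
        if marker in lowered:
            return name
    return None


def find_unapproved_rmm(lines, approved):
    """Return a Finding for every RMM install or launch not in `approved`."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        # MSI installs carry a product name; process creations carry a path.
        evidence = ev.get("product") or ev.get("image") or ""
        product = classify_rmm(evidence)
        if product is None or product in approved:
            continue
        findings.append(Finding(ev.get("host", "?"), ev.get("user", "?"), product, evidence))
    return findings


if __name__ == "__main__":
    for f in find_unapproved_rmm(SAMPLE_EVENTS, APPROVED_RMM):
        print(f"UNAPPROVED RMM: {f.product} on {f.host} by {f.user} ({f.evidence})")
```

Run against the constructed events, the PDQ Connect MSI install and the ISL Online executable launched from a user's Temp directory are reported, while the sanctioned ScreenConnect client, the 7-Zip installer and Word are ignored. The Temp-directory path on the second hit is itself worth a rule: an RMM agent started from a user profile rather than from Program Files is how a phishing lure, not the IT department, tends to deploy one.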
👉 Read the original: Cyber Security News