A years-long reconnaissance campaign against an employee of a US aerospace defense company was discovered and attributed to “TA456”, an Iranian state-backed advanced persistent threat (APT) group. The campaign bore striking similarities to previous reconnaissance by Iran-backed APT groups (rapport with the victim was established to infect their machine with malware and extract sensitive information), although this campaign spanned a longer-than-usual period. It is believed that TA456 operates under the same threat umbrella as the “Tortoiseshell” group and that both groups are affiliated with the Islamic Revolutionary Guard Corps (IRGC). Based on Iran’s historical targeting of US defense and government employees, it is likely that future social engineering campaigns will use similar tactics, techniques, and procedures (TTPs) to support Iran’s strategic goals.