Firms should avoid Iranian cyber firm Emennet, says FBI

February 17, 2022

The FBI has released a private industry notification warning industries and organisations about Emennet Pasargad, an Iran-based cyber company that conducts malicious activity against them.

According to the agency, the Iranian cyber firm has repeatedly rebranded itself to evade the sanctions imposed by the US. The FBI advisory also details the tactics, techniques, and procedures (TTPs) the firm uses.

Emennet once posed as the radical organisation known as “Proud Boys” during the 2020 US presidential election. According to the FBI notice, the group has since expanded its operations, targeting several industry verticals and spreading propaganda.

The agency also said that Emennet conducts conventional cyber exploitation against sectors such as shipping, telecoms, oil, travel, and news in the Middle East, Europe, and the United States.

According to the FBI, Emennet uses multiple VPNs to obscure its location, along with commercial and open-source tools such as SQLmap, wpscan, Dnsdumpster, Wappalyzer, Acunetix, and Netsparker.

The group selects its targets by scanning the web for prominent firms across a range of sectors, then looks for exploitable flaws in the target's software.

In some cases, the group attempted to identify hosting and shared hosting services. A separate researcher found that the Iranian threat group is drawn to web pages running PHP code, Apache Tomcat, Drupal, and WordPress.

The group has also tried to re-exploit vulnerabilities used in past intrusions by other threat actors, to see whether they still work.
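The reconnaissance pattern described above (scanner tooling such as SQLmap and wpscan, plus probing for WordPress, Drupal and Tomcat entry points) leaves traces in ordinary web server logs. The following Python script is an added example, not code from the FBI notice or this article; it assumes combined-format access logs, and the user-agent markers, probe paths and sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Apache/nginx "combined" access-log format (assumption: your server logs this way).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)
# Tool names from the FBI notice; matching them in the User-Agent is an assumption
# (scanners let the UA be changed, so a clean UA proves nothing).
SCANNER_UA_MARKERS = ("sqlmap", "wpscan", "acunetix", "netsparker")
# WordPress/Drupal/Tomcat entry points that nothing legitimate requests on a host
# that serves none of them (assumption: trim to the applications you actually run).
PROBE_PATHS = ("/wp-login.php", "/wp-admin", "/xmlrpc.php", "/user/login",
               "/manager/html", "/CHANGELOG.txt")

def parse_line(line):
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def classify(entry):
    """Return the reasons this request looks like reconnaissance, or [] if none."""
    reasons = []
    ua = entry["ua"].lower()
    for marker in SCANNER_UA_MARKERS:
        if marker in ua:
            reasons.append(f"scanner-ua:{marker}")
    path = entry["path"].split("?", 1)[0]
    if any(path.startswith(p) for p in PROBE_PATHS):
        reasons.append(f"probe-path:{path}")
    return reasons

def suspicious_sources(lines):
    """Map source IP -> set of reasons, for sources that triggered at least one."""
    hits = defaultdict(set)
    for line in lines:
        entry = parse_line(line)
        if entry:
            for reason in classify(entry):
                hits[entry["ip"]].add(reason)
    return dict(hits)

# Constructed sample lines (not real traffic); the addresses are documentation ranges.
SAMPLE_LOG = [
    '203.0.113.5 - - [17/Feb/2022:10:00:01 +0000] "GET /index.php?id=1%27 HTTP/1.1" 500 512 "-" "sqlmap/1.6 (https://sqlmap.org)"',
    '203.0.113.5 - - [17/Feb/2022:10:00:02 +0000] "GET /wp-login.php HTTP/1.1" 404 208 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [17/Feb/2022:10:00:03 +0000] "GET /products HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [17/Feb/2022:10:00:04 +0000] "GET /manager/html HTTP/1.1" 401 0 "-" "WPScan v3.8.22 (https://wpscan.com/wordpress-security-scanner)"',
]
```

Running `suspicious_sources(SAMPLE_LOG)` flags the two 203.0.113.x sources with the matching reasons and ignores the ordinary browser request; a source that both announces a scanner and probes application paths is the strongest signal.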

Last October, the US District Court for the Southern District of New York charged two Iranian nationals linked to Emennet with cyber intrusion, fraud, interstate threats, and conspiracy offences.

The hackers also ran cyber-enabled information operations, using a false-flag image to spread propaganda via SMS.

The FBI explained why organisations should distance themselves from Emennet Pasargad and advised them to watch closely for any threats from the Iranian group.
