Iran


Google’s threat team confirms Iran targeting Trump, Biden, and Harris campaigns

It is only August —

Another Big Tech firm seems to confirm Trump adviser Roger Stone was hacked.

Roger Stone, former adviser to Donald Trump's presidential campaign, center, during the Republican National Convention (RNC) in Milwaukee on July 17, 2024.


Getty Images

Google’s Threat Analysis Group confirmed Wednesday that it observed a threat actor backed by the Iranian government targeting Google accounts associated with US presidential campaigns, in addition to stepped-up attacks on Israeli targets.

APT42, associated with Iran’s Islamic Revolutionary Guard Corps, “consistently targets high-profile users in Israel and the US,” the Threat Analysis Group (TAG) writes. The Iranian group uses hosted malware, phishing pages, malicious redirects, and other tactics to gain access to Google, Dropbox, OneDrive, and other cloud-based accounts. Google’s TAG writes that it reset accounts, sent warnings to users, and blacklisted domains associated with APT42’s phishing attempts.

Among APT42’s tools were Google Sites pages that appeared to be a petition from legitimate Jewish activists, calling on Israel to mediate its ongoing conflict with Hamas. The page was fashioned from image files, not HTML, and an ngrok redirect sent users to phishing pages when they moved to sign the petition.

A petition purporting to be from The Jewish Agency for Israel, seeking support for mediation measures—but signatures quietly redirect to phishing sites, according to Google.


Google

In the US, Google’s TAG notes that, as with the 2020 elections, APT42 is actively targeting the personal emails of “roughly a dozen individuals affiliated with President Biden and former President Trump.” TAG confirms that APT42 “successfully gained access to the personal Gmail account of a high-profile political consultant,” which may be longtime Republican operative Roger Stone, as reported by The Guardian, CNN, and The Washington Post, among others. Microsoft separately noted last week that a “former senior advisor” to the Trump campaign had his Microsoft account compromised, which Stone also confirmed.

“Today, TAG continues to observe unsuccessful attempts from APT42 to compromise the personal accounts of individuals affiliated with President Biden, Vice President Harris and former President Trump, including current and former government officials and individuals associated with the campaigns,” Google’s TAG writes.

PDFs and phishing kits target both sides

Google’s post details the ways in which APT42 targets operatives in both parties. The broad strategy is to get the target off their email and into channels like Signal, Telegram, or WhatsApp, or possibly a personal email address that may not have two-factor authentication and threat monitoring set up. By establishing trust through sending legitimate PDFs, or luring them to video meetings, APT42 can then push links that use phishing kits with “a seamless flow” to harvest credentials from Google, Hotmail, and Yahoo.

After gaining a foothold, APT42 will often work to preserve its access by generating application-specific passwords inside the account, which typically bypass multifactor tools. Google notes that its Advanced Protection Program, intended for individuals at high risk of attack, disables application-specific passwords.

Publications, including Politico, The Washington Post, and The New York Times, have reported being offered documents from the Trump campaign, potentially stemming from Iran’s phishing efforts, in an echo of Russia’s 2016 targeting of Hillary Clinton’s campaign. None of them have moved to publish stories related to the documents.

John Hultquist, with Google-owned cybersecurity firm Mandiant, told Wired’s Andy Greenberg that what looks initially like spying or political interference by Iran can easily escalate to sabotage and that both parties are equal targets. He also said that current thinking about threat vectors may need to expand.

“It’s not just a Russia problem anymore. It’s broader than that,” Hultquist said. “There are multiple teams in play. And we have to keep an eye out for all of them.”



Rocket Report: SpaceX at the service of a rival; Endeavour goes vertical

Stacked —

The US military appears interested in owning and operating its own fleet of Starships.

Space shuttle Endeavour, seen here in protective wrapping, was mounted on an external tank and inert solid rocket boosters at the California Science Center.

Welcome to Edition 6.29 of the Rocket Report! Right now, SpaceX’s Falcon 9 rocket is the only US launch vehicle offering crew or cargo service to the International Space Station. The previous version of Northrop Grumman’s Antares rocket retired last year, forcing that company to sign a contract with SpaceX to launch its Cygnus supply ships to the ISS. And we’re still waiting on United Launch Alliance’s Atlas V (no fault of ULA) to begin launching astronauts on Boeing’s Starliner crew capsule to the ISS. Basically, it’s SpaceX or bust. It’s a good thing that the Falcon 9 has proven to be the most reliable rocket in history.

As always, we welcome reader submissions, and if you don’t want to miss an issue, please subscribe using the box below (the form will not appear on AMP-enabled versions of the site). Each report will include information on small-, medium-, and heavy-lift rockets, as well as a quick look ahead at the next three launches on the calendar.

Virgin Galactic flies four passengers to the edge of space. Virgin Galactic conducted its first suborbital mission of 2024 on January 26 as the company prepares to end flights of its current spaceplane, Space News reports. The flight, called Galactic 06 by Virgin Galactic, carried four customers for the first time, along with its two pilots, on a suborbital hop over New Mexico aboard the VSS Unity rocket plane. Previous commercial flights had three customers on board, along with a Virgin Galactic astronaut trainer. The customers, which Virgin Galactic didn’t identify until after the flight, held US, Ukrainian, and Austrian citizenship.

Pending retirement … Virgin Galactic announced last year it would soon wind down flights of VSS Unity, citing the need to conserve its cash reserves for development of its next-generation Delta class of suborbital vehicles. Those future vehicles are intended to fly more frequently and at lower costs than Unity. After Galactic 06, Virgin Galactic said it will fly Unity again on Galactic 07 in the second quarter of the year with a researcher and private passengers. The company could fly Unity a final time later this year on the Galactic 08 mission. Since 2022, Virgin Galactic has been the only company offering commercial seats on suborbital spaceflights. The New Shepard rocket and spacecraft from competitor Blue Origin hasn’t flown people since a launch failure in September 2022. (submitted by Ken the Bin)

Iran launches second rocket in eight days. Iran launched a trio of small satellites into low-Earth orbit on January 28, Al Jazeera reports. This launch used Iran’s Simorgh rocket, which made its first successful flight into orbit after a series of failures dating back to 2017. The two-stage, liquid-fueled Simorgh rocket deployed three satellites. The largest of the group, named Mehda, was designed to measure the launch environments on the Simorgh rocket and test its ability to deliver multiple satellites into orbit. Two smaller satellites will test narrowband communication and geopositioning technology, according to Iran’s state media.

Back to back … This was a flight of redemption for the Simorgh rocket, which is managed by the civilian-run Iranian Space Agency. While the Simorgh design has repeatedly faltered, the Iranian military’s Islamic Revolutionary Guard Corps has launched two new orbital-class rockets in recent years. The military’s Qased launch vehicle delivered small satellites into orbit on three successful flights in 2020, 2022, and 2023. Then, on January 20, the military’s newest rocket, named the Qaem 100, put a small remote-sensing payload into orbit. Eight days later, the Iranian Space Agency finally achieved success with the Simorgh rocket. Previously, Iranian satellite launches have been spaced apart by at least several months. (submitted by Ken the Bin)


Rocket Lab’s first launch of 2024. Rocket Lab was back in action on January 31, kicking off its launch year with a recovery Electron mission from New Zealand. This was its second return-to-flight mission following a mishap late last year, Spaceflight Now reports. Rocket Lab’s Electron rocket released four Space Situational Awareness (SSA) satellites into orbit for Spire Global and NorthStar Earth & Space. Peter Beck, Rocket Lab’s founder and CEO, said in a statement that the company has more missions on the books for 2024 than in any year before. Last year, Rocket Lab launched 10 flights of its light-class Electron launcher.

Another recovery … Around 17 minutes after liftoff, the Electron’s first-stage booster splashed down in the Pacific Ocean under parachute. A recovery vessel was stationed nearby downrange from the launch base at Mahia Peninsula, located on the North Island of New Zealand. Rocket Lab has ambitions of re-flying a first stage booster in its entirety. Last August, it demonstrated partial reuse with the re-flight of a Rutherford engine salvaged from a booster recovered on a prior mission. (submitted by Ken the Bin)

PLD Space wins government backing. PLD Space has won the second and final round of a Spanish government call to develop sovereign launch capabilities, European Spaceflight reports. Spain’s Center for Technological Development and Innovation announced on January 26 that it selected PLD Space, which is developing a small launch vehicle called Miura 5, to receive a 40.5-million euro loan from a government fund devoted to aiding the Spanish aerospace sector, with a particular emphasis on access to space. Last summer, the Spanish government selected PLD Space and Pangea Aerospace to each receive 1.5 million euros in a preliminary funding round to mature their designs. PLD Space won the second round of the loan competition.

Moving toward Miura 5 … “The technical decision in favor of PLD Space confirms that our technological development strategy is sound and is based on a solid business plan,” said Ezequiel Sanchez, PLD Space’s executive president. “Winning this public contract to create a strategic national capability reinforces our position as a leading company in securing Europe’s access to space.” Miura 5 will be capable of launching about a half-ton of payload mass into low-Earth orbit and is scheduled to make its debut launch from French Guiana in late 2025 or early 2026, followed by the start of commercial operations later in 2026. PLD Space will need to repay the loan through royalties over the first 10 years of the commercial operation of Miura 5. (submitted by Leika)
