Elections are coming up, and threat actors are ramping up efforts to manipulate voters and attack political campaigns. Cybersecurity researchers have discovered new network infrastructure set up by Iranian hackers, aimed at targeting U.S. political campaigns. The hackers use phishing emails and links, often posing as cloud services, to trick users into installing malicious software.

What you need to know

The infrastructure has been discovered by Recorded Future’s Insikt Group, which has been tracking it since June 2024. The cybersecurity company has linked the infrastructure to GreenCharlie, an Iran-nexus cyberthreat group with connections to Mint Sandstorm, Charming Kitten, and APT42.

“GreenCharlie’s phishing operations are highly targeted, often employing social engineering techniques that exploit current events and political tensions,” Recorded Future said.

The hackers have set up their systems very carefully, using specific services to create websites for phishing attacks. These fake websites often look like they belong to cloud services, file-sharing platforms or document-viewing tools to trick people into sharing personal information or downloading harmful files.

Some examples of these fake website names include “cloud,” “uptimezone,” “doceditor,” “joincloud” and “pageviewer.” Most of these sites were registered under the .info top-level domain, a change from the .xyz, .icu and .online domains the hackers used in the past.
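A hunting heuristic built from the naming pattern described above, as an added example that is not from the article or from Recorded Future: it flags hostnames in web proxy log lines that combine one of the quoted names with one of the quoted domain endings. The log format, the sample hosts and the function names are constructed for illustration, and treating the quoted names as substrings of a hostname label is an assumption.

```python
from urllib.parse import urlsplit

# Terms and TLDs quoted in the article. "cloud" is listed last because it also
# appears in many legitimate hostnames: a hit is a lead to review, not a verdict.
KEYWORDS = ("uptimezone", "doceditor", "joincloud", "pageviewer", "cloud")
TLD_ERA = {"info": "current", "xyz": "earlier", "icu": "earlier", "online": "earlier"}

# Constructed proxy log lines ("timestamp client url"); every host is made up.
SAMPLE_LOG = [
    "2024-09-01T10:00:01Z 10.0.0.5 https://pageviewer-constructed.info/view?id=1",
    "2024-09-01T10:00:07Z 10.0.0.5 https://www.icloud.com/",
    "2024-09-01T10:01:12Z 10.0.0.9 http://files.joincloud-constructed.xyz:8080/d",
    "2024-09-01T10:02:30Z 10.0.0.7 https://en.wikipedia.org/wiki/Cloud_computing",
    "2024-09-01T10:03:00Z 10.0.0.5 HTTPS://PageViewer-Constructed.INFO./login",
    "malformed line",
]


def hostname_of(value):
    """Accept a full URL or a bare hostname and return the lowercase host."""
    value = value.strip()
    if "://" not in value:
        value = "//" + value  # lets urlsplit parse a bare host as the netloc
    return (urlsplit(value).hostname or "").rstrip(".").lower()


def classify(value):
    """Return (host, keyword, era) when a quoted name meets a quoted TLD."""
    host = hostname_of(value)
    labels = host.split(".")
    if len(labels) < 2:
        return None
    era = TLD_ERA.get(labels[-1])
    if era is None:
        return None  # e.g. icloud.com: keyword present, TLD not on the list
    for kw in KEYWORDS:
        if any(kw in label for label in labels[:-1]):
            return (host, kw, era)
    return None


def hunt(log_lines):
    """Scan proxy lines and return one hit per distinct hostname, sorted."""
    hits = {}
    for line in log_lines:
        parts = line.split()
        result = classify(parts[2]) if len(parts) >= 3 else None
        if result:
            hits.setdefault(result[0], result)
    return sorted(hits.values())
```

Calling `hunt(SAMPLE_LOG)` returns two hits, one per suspicious host, and ignores the legitimate cloud-related sites because their domain endings are not on the list.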

It’s not their first rodeo

The threat actors are known for launching highly targeted phishing attacks, where they use sophisticated social engineering tricks to infect users with malware. Some of the malware they use includes POWERSTAR (also known as CharmPower and GorjolEcho) and GORBLE, which was recently identified by Google’s Mandiant as being used in attacks against Israel and the U.S.

“Iran and its associated cyber-espionage actors have consistently demonstrated both the intent and capability to engage in influence and interference operations targeting U.S. elections and domestic information spaces. These campaigns are likely to continue utilizing hack-and-leak tactics aimed at undermining or supporting political candidates, influencing voter behavior, and fostering discord,” the cybersecurity company said.

Phishing attacks are more advanced than ever

A phishing email or message is often the start of a cyberattack. Hackers send you a link that is designed to look legitimate, but it’s not. Instead, it delivers malware to your computer, giving hackers access to your system and allowing them to steal your money and data. You can’t blame yourself if you don’t recognize a phishing link.

Earlier this month, I reported on malware called “Voldemort,” which tricks people into clicking malicious links by pretending to be a government agency. This highlights how clever these scammers are in using deceptive techniques to infect your devices.

The best way to protect yourself from malicious links that install malware and may expose your private information is to have antivirus protection installed on all your devices. It can also alert you to phishing emails and ransomware scams. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android and iOS devices.

4 additional ways to protect yourself from phishing attacks

To protect yourself from phishing attacks that use fake cloud services and other deceptive tactics, here are some specific steps you can take.

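1) Verify website URLs: Always check the URL of a website before entering any sensitive information. Look for signs of a secure connection, such as “https://” and a padlock symbol in the browser’s address bar. Keep in mind that a padlock only means the connection is encrypted; phishing sites can have one too, so the domain name itself is what you need to read carefully. Be cautious of slight misspellings or unusual domain extensions like .info.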

2) Invest in data removal services: Hackers target you based on your publicly available information. That could be anything from your leaked info through a data breach to the information you provided to an e-commerce shop. Check out my top picks for data removal services here.

3) Keep software and systems updated: Regularly updating your operating system, browsers and security software is crucial to protect against vulnerabilities that hackers could exploit. Updates often include security patches, bug fixes and performance improvements. Enable automatic updates to ensure you don’t miss important patches. Manually check for updates if automatic options aren’t available. Staying current helps maintain device security and functionality.

4) Use strong, unique passwords: Employ strong, unique passwords for each account to prevent unauthorized access. Create passwords with a mix of letters, numbers and symbols, and avoid using the same password for multiple accounts. Consider using a password manager to securely store and generate complex passwords. It will help you to create unique and difficult-to-crack passwords that a hacker could never guess. Get more details about my best expert-reviewed Password Managers of 2024 here.

Kurt’s key takeaway

U.S. elections matter not only to Americans but also to the rest of the world, which is one reason foreign adversaries are attempting to manipulate the campaigns. Hackers are working hard to infect people’s devices to conduct espionage, spread misinformation and cause financial losses. The best thing you can do is stay alert, avoid clicking any links you don’t trust and invest in antivirus software. Hackers are changing their methods, so it’s important to take advantage of the available tools to protect yourself.

