The FBI cautions that the Iranian threat group Emennet Pasargad may conduct hack-and-leak activities against US interests, precisely the November midterm elections, despite the group's primary focus on attacking Israeli leaders.
The US Treasury announced penalties over five Iranians and Emennet Pasargad, the firm they worked for, in November 2021 after the US issued a warning in November 2020 that Iranian hackers had taken advantage of known weaknesses to acquire voter registration data.
According to the information from the FBI, Emennet has been targeting organizations, primarily in Israel, with cyber-enabled information operations since at least 2020. These operations included an initial intrusion, data theft, and subsequent leak, followed by attenuation through online and social media forums, and in some cases, the implementation of destructive encryption malware.
The gang also targets businesses with PHP-powered websites or MySQL databases that can be accessed from the outside. The FBI claims hackers frequently launch attacks using open-source software for penetration testing.
The Bureau claims that Emennet executes false-flag attacks against Israel using online personas like hacktivists or cybercriminal groups. It warns that the company may use the same strategies to target US entities. The majority of the measures mentioned in the report were ones the group employed in the 2020 U.S. Presidential election.
The FBI issued a warning, stating that the gang would 'probably' target popular content-management tools like Drupal and WordPress. The infamous Log4j vulnerability has also been used by Emennet in cyberattacks on at least one U.S.-based company.
Seyyed Mohammad Hosein Musa Kazemi and Sajjad Kashian, two Iranian consultants who started working for Emennet Pasargad, initiated several operations intended to sow discord and undermine voters' confidence in the American electoral process, were the subject of a $10 million reward offered by the U.S. State Department in February.
Although still at large, Kazemi and Kashian are thought to be in Iran. The FBI's list of cyber criminals wanted now includes the two as well. The FBI also provides organizations with advice on how to reduce the risk posed by Emennet and a list of tactics, methods, and procedures (TTPs) related to the group.
