In August 2020, Iranian employees at Emennet Pasargad started a malicious campaign with the intention to interfere with the US Election 2020.
This campaign caused the following:
- They obtained confidential voter information
- Sent threatening emails to voters
- Published a video with misleading information about the existence of vulnerability in the voting process, which is not existing in fact
- Accessed the US media company’s network in an unauthorized way
- Intimidated voters with misleading information about the election and pretended to be one of the Proud Boys members
How did they do that?
Emennet is using a virtual Private network to black-out their activities.
They conduct a wide search for leading businesses in different sectors then they start to search for vulnerable software to access in an unauthorized way.
As concluded from Emennet previous attacks history, they are always attacking pages using PHP code and MySQL databases.
They are also interested in a list of applications such as:
- Apache Tomcat
- Wordpress
- Drupal
- Ckeditor and Fckeditor
For more info and recommendations on how to protect your System please check that link: https://www.ic3.gov/Media/News/2022/220126.pdf
