Cybersecurity researchers have revealed details of a new campaign called CRESCENTHARVEST, likely aimed at supporters of Iran's ongoing protests, whose goal is information theft and long-term espionage. The attacks, which deliver a malicious payload that functions as a remote access trojan (RAT) and information stealer able to execute commands, log keystrokes, and exfiltrate sensitive data, were observed by the Acronis Threat Research Unit (TRU) after January 9.
Whether any of the attacks were successful is unknown at this time. "The campaign lures victims into opening malicious files by taking advantage of recent geopolitical developments," researchers Subhajeet Singha, Eliad Kimhy, and Darrel Virtusio stated in a report released this week, adding that LNK files were passed off as protest-related photos or videos.
"A Farsi-language report with updates from 'the rebellious cities of Iran' is included in these files along with real media. It seems that the purpose of this pro-protest framing is to boost credibility and draw in Farsi-speaking Iranians who are looking for information about protests." Despite being unattributed, CRESCENTHARVEST is thought to have been created by a threat organization with ties to Iran.
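The report describes LNK files disguised as protest photos and videos. As an added example (not code from the Acronis report or the campaign), the triage helper below parses the fixed ShellLinkHeader of a Windows shortcut and flags the combination a defender would want to catch in a download or mail-attachment folder: a media extension hidden before ".lnk", a shortcut that passes command-line arguments, and a custom icon that can make the shortcut look like an image. The media-extension list and the flagging heuristics are assumptions for illustration; the sample bytes are constructed.

```python
import struct

# ShellLinkHeader constants from the MS-SHLLINK specification.
LNK_HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")

# LinkFlags bits (MS-SHLLINK section 2.1.1).
HAS_ARGUMENTS = 1 << 5
HAS_ICON_LOCATION = 1 << 6

# Media extensions a lure might imitate (assumed list, not from the report).
MEDIA_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".mp4", ".mov", ".avi", ".mkv"}

def is_lnk(data: bytes) -> bool:
    """True if the bytes begin with a valid ShellLinkHeader."""
    if len(data) < LNK_HEADER_SIZE:
        return False
    header_size = struct.unpack_from("<I", data, 0)[0]
    return header_size == LNK_HEADER_SIZE and data[4:20] == LNK_CLSID

def link_flags(data: bytes) -> int:
    """Return the LinkFlags field, which sits at offset 20 of the header."""
    return struct.unpack_from("<I", data, 20)[0]

def triage_lnk(filename: str, data: bytes) -> list:
    """Return the reasons a file looks like a media-themed LNK lure (empty if none)."""
    reasons = []
    if not is_lnk(data):
        return reasons
    name = filename.lower()
    stem = name[:-4] if name.endswith(".lnk") else name
    if any(stem.endswith(ext) for ext in MEDIA_EXTS):
        reasons.append("media extension hidden before .lnk")
    flags = link_flags(data)
    if flags & HAS_ARGUMENTS:
        reasons.append("shortcut passes command-line arguments")
    if flags & HAS_ICON_LOCATION:
        reasons.append("custom icon set (possible image/video icon spoof)")
    return reasons

# Constructed sample: a minimal header with HasArguments and HasIconLocation set.
SAMPLE_LURE = (
    struct.pack("<I", LNK_HEADER_SIZE) + LNK_CLSID
    + struct.pack("<I", HAS_ARGUMENTS | HAS_ICON_LOCATION)
).ljust(LNK_HEADER_SIZE, b"\x00")

if __name__ == "__main__":
    for reason in triage_lnk("protest_video.mp4.lnk", SAMPLE_LURE):
        print(reason)
```

The header check alone is useful on its own, since a real lure carries the same magic even when the file has been renamed to hide the ".lnk" suffix.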
Below is a list of some of the supported commands:

- Anti, to perform anti-analysis checks
- His, to steal browser history
- Dir, to list directories
- Cwd, to obtain the current working directory
- Cd, to change the directory
- GetUser, to run PowerShell commands and retrieve user information (not working)
- KeyLog, to activate keylogging
- Tel_s, to steal Telegram session data
- Cook, to steal browser cookies
- Info, to obtain system data
- F_log, to obtain browser login credentials
- Upload, to run shell commands and upload files

According to Acronis, "the CRESCENTHARVEST campaign is the most recent in a ten-year pattern of suspected nation-state cyber espionage operations targeting journalists, activists, researchers, and diaspora communities worldwide."
"LNK-based initial access, DLL side-loading through signed binaries, credential harvesting, and social engineering in line with current events are just a few examples of the well-established tradecraft that we saw in CRESCENTHARVEST." The disclosure follows a report by The New York Times that Iran's government probably used protesters' phones to track their whereabouts and send them a text message alerting them that their "presence at illegal gatherings" had been recorded and that they were being watched by "intelligence." The newspaper described the action as an effort to quell dissent.
A report released last week by the digital rights organization Holistic Resilience, which focuses on Iran, claims that some individuals have had their SIM cards suspended for posting about the protests and other political issues on social media.
RaazNet stated, "The Islamic Republic is developing a unique model of digital control and surveillance, one that is based on conditional and interruptible connectivity rather than permanent isolation. The National Information Network (NIN) is the main tenet of this model."