Google claims to have spotted and disrupted several phishing campaigns in Iran – attempts to compromise tens of thousands of email accounts in the run-up to the country’s presidential elections this Friday.
Google says the attacks originate within Iran – and claims to have disrupted previous attacks by the same group.
Writing on Google’s Security Blog, Eric Grosse said, “For almost three weeks, we have detected and disrupted multiple email-based phishing campaigns aimed at compromising the accounts owned by tens of thousands of Iranian users.”
“These campaigns, which originate from within Iran, represent a significant jump in the overall volume of phishing activity in the region. The timing and targeting of the campaigns suggest that the attacks are politically motivated in connection with the Iranian presidential election on Friday.”
Google said that what appeared to be the same group had previously misused SSL certificates to conduct attacks against Iranian internet users in 2011, but that this wave of attacks appeared to be “more routine”.
Users were directed to a fake Google sign-in page, which harvested passwords and usernames. Google’s post did not elaborate on how attackers might be using the data.
Friday’s election is set to be critical for the country. Current incumbent Mahmoud Ahmadinejad is not permitted to stand for a third term, and voters will choose between six new candidates.
Author Rob Waugh, We Live Security