Iran-linked cyberspies expand targeting to medical researchers, travel agencies

TL;DR

A cyberespionage group aligned with Iran’s Islamic Revolutionary Guard Corps (IRGC) has been observed attacking new targets over the last two years, including medical researchers, an aerospace engineer and even a Florida-based realtor.

“All this serves as a window into aims of the Islamic Revolutionary Guard Corps and the flexible mandate under which TA453 works.”

Proofpoint said it started to observe differences in TA453’s targeting in late 2020, namely when the group was observed attacking senior professionals at various medical research organizations in the U.S. and Israel with credential harvesting attacks.

In July and August 2021, Proofpoint researchers identified spear phishing attacks targeting scholars with backgrounds in women’s and gender studies at various North American universities.

Another incident that deviated from the group’s traditional targeting was a February 2022 attack that centered on a Florida-based realtor “involved in the sale of multiple homes located near the headquarters of US Central Command.” CENTCOM is the U.S. Combatant Command responsible for Middle East military operations.

Other techniques include the use of GhostEcho, a backdoor that’s used to “deliver follow-on espionage focused capabilities” once the group gains access to a victim, and leveraging a persona named “Samantha Wolf” for confrontational social engineering lures.
