FBI Shares Technical Details on Iranian State-Sponsored Threat Group Behind Proud Boys Emails
The FBI (Federal Bureau of Investigation) shared Indicators of Compromise (IOCs) linked to the Iranian state-sponsored threat group behind the Proud Boys voter intimidation emails that targeted Democratic voters.
The threatening, deceptive emails used the “Vote For Trump or Else” subject and warned voters registered as Democrats that they must vote for President Trump and switch their party to Republican if they do not want the far-right Proud Boys group to come after them.
DNI Confirms Voter Registration Info Theft:
Some of the emails also included information such as voters’ full names and mailing addresses, or a video showing a Proud Boys hacker breaking into a voter registration database.
Director of National Intelligence (DNI) John Ratcliffe confirmed at a press conference that Iranian threat actors obtained voter registration info that was used in this malicious email campaign. Now, the FBI has shared the identified IP addresses the Iranian hackers used “to conduct operations aimed at impacting the 2020 US Presidential Election, to include voter intimidation emails and dissemination of US election-related propaganda.”
Many of the IPs included in the list of IOCs correspond to paid Virtual Private Network (VPN) services that can also be used by individuals not involved with this attack campaign.
“Although this creates the potential for false positives, any activity on the below would likely warrant further investigation,” the FBI adds. Some of these VPN IPs linked to the Iranian APT actors are from NordVPN’s server list and may also correspond to other VPN providers such as CDN77, HQSERV, and M247.