Microsoft: Iranian espionage campaign targeted satellite and defense sectors

Tehran’s latest hacking activity involves easy-to-detect techniques to gain access and then pivoting to stealthier methods.

The post Microsoft: Iranian espionage campaign targeted satellite and defense sectors appeared first on CyberScoop.

Iran-Backed APTs Collaborate on 3-Year ‘Fox Kitten’ Global Spy Campaign

APT34/OilRig and APT33/Elfin have established a highly developed and persistent infrastructure that could be converted to distribute destructive wiper malware.

After U.S. kills Iranian general, analysts warn of Tehran’s ability to retaliate in cyberspace

After the U.S. military said it killed Qassem Soleimani, the chief of Iran’s Quds Force, in an airstrike early Friday in Baghdad, Iran’s supreme leader vowed to exact revenge on the United States. Of prime concern will be Iran’s ability to carry out violent physical attacks on U.S. interests or its allies throughout the Middle East. But Iran could also leverage its considerable hacking capabilities to disrupt U.S. organizations. The U.S. attack, ordered by President Donald Trump, was carried out in response to Soleimani’s “actively developing plans to attack American diplomats and service members in Iraq and throughout the region,” the Pentagon said in a statement. Iran has previously retaliated against the U.S. through distributed denial-of-service attacks on banks’ websites in 2012 and 2013, reportedly in response to U.S. sanctions. Since then, Iranian hackers have gotten more advanced — and shown a penchant for data-destroying hacks.

Shamoon and more

The country’s attackers allegedly used the infamous Shamoon […]

APT33 has shifted targeting to industrial control systems software, Microsoft says

In the last two months, an aggressive hacking group linked with the Iranian government has made a troubling shift in its targeting, security researchers at Microsoft say. Instead of simply probing IT networks, the hackers have gone after a series of industrial control system (ICS) products used in the energy sector. Given that the group, known as APT33, has been linked with data-wiping hacks in the past, the new activity has analysts’ full attention. It fits a broader trend in state-linked activity in which attackers have been increasingly willing to probe industrial software to achieve their objectives. “You have an actor that has been linked to deployment of destructive payloads in the past,” said Microsoft security researcher Ned Moran, laying out his concerns. “You have an actor that’s really interested in the energy industry,” including important infrastructure such as pipelines, refineries and power plants. What APT33’s objectives are in its latest activity […]

APT33 has used botnets to infect targets in the U.S. and Middle East, researchers say

An Iranian government-linked hacking group has in the last year been using small clusters of hijacked computers to infect a handful of targets that include a U.S. national security firm and a university, researchers said Thursday. The Iranian group, dubbed APT33, is using the botnets — groups of computers commandeered by attackers — in “extremely targeted malware campaigns against organizations in the Middle East, the U.S., and Asia,” cybersecurity company Trend Micro said. Botnets are often comprised of a large number of machines. But in this case, the Iranian hackers are using just a dozen computers per botnet to deliver their malware and gain persistent access on a network, according to the researchers. The Iranian hackers also set up their own virtual private network with “exit nodes” that change frequently, Trend Micro said. The researchers say they have been tracking those VPN nodes for over a year, but the group has […]

10,000 Microsoft customers targeted by nation-state attacks in the last year

Microsoft has notified 10,000 customers in the past year that they have borne the brunt of nation-state cyberattacks — some of which were successful — from Iran, North Korea, and Russia, Microsoft announced Wednesday. “This data demonstrates the significant extent to which nation-states continue to rely on cyberattacks as a tool to gain intelligence, influence geopolitics or achieve other objectives,” Tom Burt, corporate vice president of customer security & trust at Microsoft, wrote in a blog post on the matter. Microsoft has linked the attacks with a group linked with Iran broadly known as APT 33, with a group from North Korea known as APT 38, as well as two groups linked with Russia, APT 28 and APT 29, which Microsoft dubs Strontium and Yttrium respectively. APT 28 was behind the intrusions at the Democratic National Committee. Some of the attacks observed appear to be related to U.S. politics and […]

US Cyber Command warns nation-state hackers are exploiting old Microsoft Outlook bug. Make sure you’re patched!

US Cyber Command has issued an alert about an unnamed foreign country’s attempt to spread malware through the exploitation of a vulnerability in Microsoft Outlook, as concerns are raised of a rise in an Iranian-backed hacking group’s activi…

US Cyber Command warns nation-state hackers are exploiting old Microsoft Outlook bug. Make sure you’re patched!

US Cyber Command has issued a warning about an unnamed foreign country’s attempt to spread malware through the exploitation of a vulnerability in Microsoft Outlook. The alert, posted on Twitter, refers to CVE-2017-11774, a vulnerability in Outloo…