Iranian APT Operating as Initial Access Provider to Networks in the Middle East

Iranian state-sponsored threat actor UNC1860 is operating as an initial access provider to high-profile networks in the Middle East.
The post Iranian APT Operating as Initial Access Provider to Networks in the Middle East appeared first on SecurityWeek.
Continue reading Iranian APT Operating as Initial Access Provider to Networks in the Middle East

Fake job listings help suspected Iranian hackers aim at targets in Lebanon

Suspected Iranian hackers have zeroed-in on a target in Lebanon, according to Check Point research published Thursday. Researchers caught attackers sending an unidentified Lebanese target documents that purported to contain details about job opportunities. If accessed in certain ways, those documents would deploy malware against victims. One such document imitated Ntiva IT, a consulting firm based in Virginia, Check Point said. In order to be infected, targets would have needed to enable macros on the documents, triggering a process that launches malware every five minutes. The hackers, which Check Point suspects belong to a hacking group known as APT34 or OilRig, have been using a new backdoor to access their targets, according to the researchers. APT34, which researchers say has been operating since 2014, is believed to frequently rely on decoy job opportunities to trap targets in their campaigns. The group used LinkedIn in 2019 to go after espionage targets […]

The post Fake job listings help suspected Iranian hackers aim at targets in Lebanon appeared first on CyberScoop.

Continue reading Fake job listings help suspected Iranian hackers aim at targets in Lebanon

Iran-Backed APTs Collaborate on 3-Year ‘Fox Kitten’ Global Spy Campaign

APT34/OilRig and APT33/Elfin have established a highly developed and persistent infrastructure that could be converted to distribute destructive wiper malware. Continue reading Iran-Backed APTs Collaborate on 3-Year ‘Fox Kitten’ Global Spy Campaign

After U.S. kills Iranian general, analysts warn of Tehran’s ability to retaliate in cyberspace

After the U.S. military said it killed Qassem Soleimani, the chief of Iran’s Quds Force, in an airstrike early Friday in Baghdad, Iran’s supreme leader vowed to exact revenge on the United States. Of prime concern will be Iran’s ability to carry out violent physical attacks on U.S. interests or its allies throughout the Middle East. But Iran could also leverage its considerable hacking capabilities to disrupt U.S. organizations.  The U.S. attack, ordered by President Donald Trump, was carried out in response to Soleimani’s “actively developing plans to attack American diplomats and service members in Iraq and throughout the region,” the Pentagon said in a statement. Iran has previously retaliated against the U.S. through distributed denial-of-service attacks on banks’ websites in 2012 and 2013, reportedly in response to U.S. sanctions. Since then, Iranian hackers have gotten more advanced — and shown a penchant for data-destroying hacks. Shamoon and more The country’s attackers allegedly used the infamous Shamoon […]

The post After U.S. kills Iranian general, analysts warn of Tehran’s ability to retaliate in cyberspace appeared first on CyberScoop.

Continue reading After U.S. kills Iranian general, analysts warn of Tehran’s ability to retaliate in cyberspace

IBM sounds alarm about more data-wiping malware from Iran

IBM’s security experts said Wednesday they have uncovered previously unknown malware developed by Iranian hackers that was used in a data-wiping attack against unnamed energy and industrial organizations the Middle East. The newfound malware, dubbed ZeroCleare, “spread to numerous devices on the affected network, sowing the seeds of a destructive attack that could affect thousands of devices and cause disruption that could take months to fully recover from,” Limor Kessem, an Israel-based analyst with IBM’s X-Force incident response team, wrote in a blog post. The discovery adds to years of evidence that hackers linked to the Iranian government have developed and deployed data-destroying code against multiple targets in the Middle East. Security analysts have warned that Iran could step up its use of cyberattacks amid heightened tensions with Saudi Arabia and the United States. IBM analysts believe APT34 — a hacking group linked with the Iranian government — and at least one […]

The post IBM sounds alarm about more data-wiping malware from Iran appeared first on CyberScoop.

Continue reading IBM sounds alarm about more data-wiping malware from Iran

How companies – and the hackers themselves – could respond to the OilRig leak

In the last few weeks, hacking tools apparently used by a prolific Iran-linked group have been publicly leaked, exposing the hackers’ malicious code, the IP addresses of their servers, and their alleged victims. An unknown person or group began dumping the information last month via Telegram, and has since doxed alleged members of the group known to the cybersecurity community as OilRig, APT34, or Helix Kitten. Whoever is behind the Telegram channel claimed to expose the “names of the cruel managers” behind OilRig, and pointed the finger at the Iranian intelligence ministry. While the ties of those individuals to OilRig has not been confirmed, a remote-access trojan and other tools, which have since been posted to GitHub, are authentic and employed by the group, researchers tell CyberScoop. They have been used in a series of hacking campaigns in recent years that industry analysts say align with the interests of the […]

The post How companies – and the hackers themselves – could respond to the OilRig leak appeared first on CyberScoop.

Continue reading How companies – and the hackers themselves – could respond to the OilRig leak