Fake job listings help suspected Iranian hackers aim at targets in Lebanon

Suspected Iranian hackers have zeroed in on a target in Lebanon, according to Check Point research published Thursday. Researchers caught attackers sending an unidentified Lebanese target documents that purported to contain details about job opportunities. If opened in certain ways, those documents would deploy malware on the victim's machine. One such document imitated Ntiva IT, a consulting firm based in Virginia, Check Point said. In order to be infected, targets would have needed to enable macros on the documents, triggering a process that launches the malware every five minutes. The hackers, who Check Point suspects belong to a hacking group known as APT34 or OilRig, have been using a new backdoor to access their targets, according to the researchers. APT34, which researchers say has been operating since 2014, is believed to frequently rely on decoy job opportunities to trap targets in its campaigns. The group used LinkedIn in 2019 to go after espionage targets […]

The post Fake job listings help suspected Iranian hackers aim at targets in Lebanon appeared first on CyberScoop.


Iran-Backed APTs Collaborate on 3-Year ‘Fox Kitten’ Global Spy Campaign

APT34/OilRig and APT33/Elfin have established a highly developed and persistent infrastructure that could be converted to distribute destructive wiper malware.

After U.S. kills Iranian general, analysts warn of Tehran’s ability to retaliate in cyberspace

After the U.S. military said it killed Qassem Soleimani, the chief of Iran’s Quds Force, in an airstrike early Friday in Baghdad, Iran’s supreme leader vowed to exact revenge on the United States. Of prime concern will be Iran’s ability to carry out violent physical attacks on U.S. interests or its allies throughout the Middle East. But Iran could also leverage its considerable hacking capabilities to disrupt U.S. organizations. The U.S. attack, ordered by President Donald Trump, was carried out in response to Soleimani’s “actively developing plans to attack American diplomats and service members in Iraq and throughout the region,” the Pentagon said in a statement. Iran has previously retaliated against the U.S. through distributed denial-of-service attacks on banks’ websites in 2012 and 2013, reportedly in response to U.S. sanctions. Since then, Iranian hackers have gotten more advanced — and shown a penchant for data-destroying hacks.

Shamoon and more

The country’s attackers allegedly used the infamous Shamoon […]

The post After U.S. kills Iranian general, analysts warn of Tehran’s ability to retaliate in cyberspace appeared first on CyberScoop.


IBM sounds alarm about more data-wiping malware from Iran

IBM’s security experts said Wednesday they have uncovered previously unknown malware developed by Iranian hackers that was used in a data-wiping attack against unnamed energy and industrial organizations in the Middle East. The newfound malware, dubbed ZeroCleare, “spread to numerous devices on the affected network, sowing the seeds of a destructive attack that could affect thousands of devices and cause disruption that could take months to fully recover from,” Limor Kessem, an Israel-based analyst with IBM’s X-Force incident response team, wrote in a blog post. The discovery adds to years of evidence that hackers linked to the Iranian government have developed and deployed data-destroying code against multiple targets in the Middle East. Security analysts have warned that Iran could step up its use of cyberattacks amid heightened tensions with Saudi Arabia and the United States. IBM analysts believe APT34 — a hacking group linked with the Iranian government — and at least one […]

The post IBM sounds alarm about more data-wiping malware from Iran appeared first on CyberScoop.


How companies – and the hackers themselves – could respond to the OilRig leak

In the last few weeks, hacking tools apparently used by a prolific Iran-linked group have been publicly leaked, exposing the hackers’ malicious code, the IP addresses of their servers, and their alleged victims. An unknown person or group began dumping the information last month via Telegram, and has since doxed alleged members of the group known to the cybersecurity community as OilRig, APT34, or Helix Kitten. Whoever is behind the Telegram channel claimed to expose the “names of the cruel managers” behind OilRig, and pointed the finger at the Iranian intelligence ministry. While the ties of those individuals to OilRig have not been confirmed, a remote-access trojan and other tools, which have since been posted to GitHub, are authentic and employed by the group, researchers tell CyberScoop. They have been used in a series of hacking campaigns in recent years that industry analysts say align with the interests of the […]

The post How companies – and the hackers themselves – could respond to the OilRig leak appeared first on CyberScoop.


Cybersecurity researchers identify new variants of APT34 malware

Booz Allen’s Dark Labs Advanced Threat Hunt team has developed an advanced technique to discover and block new variants of malware that poses a threat to organizations worldwide. Using an open source indicator of compromise (IOC), the research team was able to identify three additional variants of malware associated with APT34, a group thought to be involved in nation-state cyber-espionage, according to a technical brief from Booz Allen. The report describes how the team used a combination of open-source reporting and “acquired sources of threat intelligence,” then combined this information with its own tools to perform deep analysis on known APT34 behaviors. “The life cycle of an openly reported IOC does not end when an operator deploys the indicator to a sensor, or a threat hunter checks their security information and event manager (SIEM),” said the report’s authors, Chad Gray and Will Farrell. “Merging the IOC with internal or external […]
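The pivot the Booz Allen report describes, from one openly reported IOC to further samples of the same family, can be sketched in code. The following is an added example, not Booz Allen's tooling or anything from the report: starting from a seed indicator (here a hypothetical C2 domain), it walks constructed telemetry records looking for samples that share attributes such as the C2 domain, import hash or PDB path with already-found samples, reports the hop count and the attribute that linked each one, and refuses to pivot on values shared by too many samples, since a value that common links unrelated tools together. All hashes, domains and paths are made up for the example.

```python
from collections import Counter, deque

# Constructed sample telemetry for illustration (not real APT34 indicators): one
# record per observed binary, with attributes variants of one family often share.
SAMPLES = [
    {"sha256": "a" * 64, "c2": "update-check.example", "imphash": "11aa", "pdb": r"D:\work\agent\Release\agent.pdb"},
    {"sha256": "b" * 64, "c2": "cdn-sync.example",     "imphash": "11aa", "pdb": r"D:\work\agent\Release\agent.pdb"},
    {"sha256": "c" * 64, "c2": "cdn-sync.example",     "imphash": "22bb", "pdb": ""},
    {"sha256": "d" * 64, "c2": "mail.legit.example",   "imphash": "33cc", "pdb": r"C:\builds\tool\tool.pdb"},
    {"sha256": "e" * 64, "c2": "update-check.example", "imphash": "11aa", "pdb": ""},
]

# Attributes used to link samples, in order of preference (hypothetical choice).
PIVOT_FIELDS = ("c2", "imphash", "pdb")


def pivot(samples, seed_field, seed_value, pivot_fields=PIVOT_FIELDS, max_hops=2, hub_limit=4):
    """Expand one published IOC into related samples by shared attributes.

    Returns {sha256: {"hop": n, "via": "field=value"}}. Hop 0 samples match the
    seed IOC directly; hop n samples share a pivot attribute with a hop n-1 sample.
    Attribute values carried by more than hub_limit samples are never used as a
    pivot, because a value that common (a shared CDN, a popular compiler's imphash)
    links unrelated tools together. Empty values (e.g. a stripped PDB) are skipped.
    """
    by_sha = {s["sha256"]: s for s in samples}
    counts = Counter((f, s.get(f)) for s in samples for f in pivot_fields)
    found = {}
    queue = deque()
    for s in samples:
        if s.get(seed_field) == seed_value:
            found[s["sha256"]] = {"hop": 0, "via": f"{seed_field}={seed_value}"}
            queue.append(s["sha256"])
    while queue:
        sha = queue.popleft()
        hop = found[sha]["hop"]
        if hop >= max_hops:
            continue
        src = by_sha[sha]
        for f in pivot_fields:
            val = src.get(f)
            if not val or counts[(f, val)] > hub_limit:
                continue
            for other in samples:
                o = other["sha256"]
                if o not in found and other.get(f) == val:
                    found[o] = {"hop": hop + 1, "via": f"{f}={val}"}
                    queue.append(o)
    return found


def candidate_variants(found, known_hashes):
    """Reached hashes not already in the published IOC set, closest hops first."""
    new = [(v["hop"], sha, v["via"]) for sha, v in found.items() if sha not in known_hashes]
    return sorted(new)


if __name__ == "__main__":
    hits = pivot(SAMPLES, "c2", "update-check.example")
    for hop, sha, via in candidate_variants(hits, {"a" * 64}):
        print(f"hop {hop}: {sha[:12]}... via {via}")
```

Each hop weakens confidence, which is why the output carries the hop count and the linking attribute rather than a flat list: an analyst can accept the hop-1 sample that shares a PDB path and treat the hop-2 sample reached only through a second C2 domain as a lead to confirm. Lowering `hub_limit` changes which attribute a sample is reached through, and in the constructed data drops the import hash shared by three samples in favour of the rarer PDB path.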

The post Cybersecurity researchers identify new variants of APT34 malware appeared first on CyberScoop.
