Kaspersky finds a new APT campaign targeting engineers in the Middle East

A mysterious set of hackers last year began a targeted campaign to breach industrial organizations in the Middle East, antivirus firm Kaspersky said Tuesday. Attackers have sought to breach engineers, particularly in a single, unnamed Middle Eastern country, adding to a long history of cyber operations in the region. They’re relying on a strain of malicious software that’s tailored for espionage, and does not appear to match any code the researchers have seen before. Exactly who is behind the effort remains unclear. The sensitivity of the targets, and the fact that the activity is ongoing, prompted the researchers to go public with their findings. The Moscow-based company labeled the activity an “advanced persistent threat” (APT), a loose term for well-resourced hackers often linked to government interests. Kaspersky designated the hacking campaign “WildPressure.” “Anytime the industrial sector is being targeted, it’s concerning,” said Kaspersky senior security researcher Denis Legezo. There is no indication that hackers have done anything beyond […]

The post Kaspersky finds a new APT campaign targeting engineers in the Middle East appeared first on CyberScoop.

Russian hackers using stolen corporate email accounts to mask their phishing attempts

Hackers working for Russian military intelligence have long relied on zero-days and malware to target their victims, but in the last year they’ve kept it simple — using previously hacked email accounts to send a wide array of phishing attempts, according to new research from security firm Trend Micro. Since at least May of last year, the group known as Fancy Bear, APT28, or Pawn Storm, has used hacked email accounts belonging to high-profile personnel working at defense firms in the Middle East to carry out the operation, according to Feike Hacquebord, a senior threat researcher at Trend Micro. “The actor connects to a dedicated server using the OpenVPN option of a commercial VPN provider and then uses compromised email credentials to send out credential spam via a commercial email service provider,” Hacquebord writes in the research. The group, which the U.S. Department of Justice linked with Russia’s Main Intelligence Directorate […]

The post Russian hackers using stolen corporate email accounts to mask their phishing attempts appeared first on CyberScoop.

EnigmaSpark: Politically Themed Cyber Activity Highlights Regional Opposition to Middle East Peace Plan

In recent analysis of malicious activity likely targeting entities based in the Middle East, IBM X-Force IRIS discovered a backdoor malware strain we named “EnigmaSpark.”

The post EnigmaSpark: Politically Themed Cyber Activity Highlights Regional Opposition to Middle East Peace Plan appeared first on Security Intelligence.

Cyber-espionage campaign in Middle East, Europe picked up speed after Soleimani killing

Iran-linked hackers have been running spearphishing email campaigns against governmental organizations in Turkey, Jordan and Iraq in recent months in a likely effort to gather intelligence, according to research published Wednesday by Dell Secureworks. Most of the targeting, which Secureworks assesses to be focused on espionage, began before the U.S. military killed Qassem Soleimani, the leader of Iran’s Quds Force, in Baghdad in early January. But Alex Tilley, a senior researcher for Secureworks, told CyberScoop the spearphishing activity has increased since the killing. The research appears to align with information the FBI shared with industry in January, when it warned of an increase in Iranian “cyber reconnaissance activity.” The alert highlighted that Iranian hackers could be zeroing in on the defense industrial base, government agencies, academia and nongovernmental organizations. The campaign Secureworks’ Counter Threat Unit (CTU) has observed, with activity from mid-2019 to mid-January of 2020, has also targeted intergovernmental organizations and unknown entities in […]

The post Cyber-espionage campaign in Middle East, Europe picked up speed after Soleimani killing appeared first on CyberScoop.

New Destructive Wiper ZeroCleare Targets Energy Sector in the Middle East

According to IBM X-Force research, the ZeroCleare wiper was used to execute a destructive attack that affected organizations in the energy and industrial sectors in the Middle East.

The post New Destructive Wiper ZeroCleare Targets Energy Sector in the Middle East appeared first on Security Intelligence.

A persistent group of hackers has been hitting Saudi IT providers, Symantec says

Over the last 14 months, a determined group of hackers has breached IT companies in Saudi Arabia in a likely attempt to gain access to their customers, security researchers said Wednesday. The group, dubbed Tortoiseshell, has struck at least 11 organizations, most of them in Saudi Arabia, since July 2018 and was active as recently as July 2019, according to cybersecurity company Symantec. Targeting Saudi IT providers and collecting data on their networks makes perfect sense for anyone looking for persistent access to those suppliers’ clients. Symantec did not speculate on which organizations the attackers have been targeting further upstream in the supply chain. Nor would the researchers describe the nature of the IT services the hacked organizations provide. Jon DiMaggio, senior threat intelligence analyst for Symantec Security Response, said the IT providers have a “large presence in Saudi Arabia” and have lots of customers. The IT providers “have that trust relationship with these customers,” DiMaggio told CyberScoop. […]

The post A persistent group of hackers has been hitting Saudi IT providers, Symantec says appeared first on CyberScoop.

Latest Facebook shutdown involves hundreds of accounts misleading users in Ukraine, Iraq

Facebook announced on Monday it has taken hundreds of accounts, pages and groups offline upon determining they were engaged in separate information operations with roots in Iraq and Ukraine. The company caught 244 accounts, 269 pages, 80 groups and seven Instagram pages that were used to mislead legitimate Facebook users about their behavior, Nathaniel Gleicher, Facebook’s head of cybersecurity policy, said in a blog post. Facebook has for months publicized its account removals, in which the social media giant scrubs pages deemed to be violating Facebook policy, typically by lying about their true location or account owner. The company’s general term for the offenses is “coordinated inauthentic behavior.” Gleicher repeatedly has stressed that Facebook takes these actions based on apparent user behavior, not the content posted. In this case, Facebook removed 168 accounts, 149 pages and 79 groups for activity focused on Ukraine. People involved in this operation used fake identities […]

The post Latest Facebook shutdown involves hundreds of accounts misleading users in Ukraine, Iraq appeared first on CyberScoop.