Spies targeting Saudi Arabia switched tactics after Symantec exposed them, report says

A cyber-espionage group widely believed to be carrying out attacks on behalf of the Iranian government resorted to new hacking tools after its malicious activity was unveiled earlier this year, according to research scheduled to be published Wednesday. The threat intelligence company Recorded Future determined the hacking group APT33 or “a closely aligned threat actor” has used more than 1,200 web domains to conduct cyberattacks since March 28. That’s the date researchers from Symantec released findings exposing an APT33 operation that targeted 50 organizations in Saudi Arabia and the United States. But Recorded Future also found that in the months since, APT33 apparently has resorted to new remote access trojans, which is yet another indication that suspected Iranian hackers are ramping up their activity amid ongoing international tension. “Our research found that APT33 or a closely aligned threat actor continues to conduct and prepare for widespread cyber-espionage activity … with a […]

The post Spies targeting Saudi Arabia switched tactics after Symantec exposed them, report says appeared first on CyberScoop.


Android-based espionage campaign in the Middle East targets military data

A newly uncovered espionage campaign in the Middle East has infected more than 660 Android phones, and much of the stolen data appears to be “military-related,” researchers from cybersecurity company Trend Micro said Tuesday. The malware in question is highly invasive, posing as popular news and lifestyle apps to suck up a target phone’s call logs and records, text messages, and storage and memory details, among other data. Attackers aren’t using the Google Play store, a sometimes popular receptacle for malicious apps. Instead, the host website for the malware is being promoted via social media channels, according to Trend Micro. One feature of the malware even allows the operator to take a photo from an infected phone when the device’s owner “wakes” it in locked mode. Analysts did not pin the so-called “Bouncing Golf” spying operation on any group or person, but said the structure of the code used and the data targeted […]

The post Android-based espionage campaign in the Middle East targets military data appeared first on CyberScoop.


Middle East-linked social media accounts impersonated U.S. candidates before 2018 elections

Social media users with ties to Iran are shifting their disinformation efforts by imitating real people, including U.S. congressional candidates, according to research published Tuesday. FireEye’s Threat Intelligence team said it had uncovered Twitter accounts that impersonated Republican congressional candidates in the buildup to the 2018 midterm elections, posting on politics and other topics. In some cases, FireEye suspects the actors were also able to have materials published in U.S. and Israeli media outlets. In a related announcement Tuesday, Facebook announced a takedown of fake accounts on Facebook and Instagram emanating from Iran that appeared to focus on outreach to policymakers. Facebook said the accounts and linked personas at times imitated legitimate news organizations in the Middle East and at other times purported to be journalists. Neither company attributed the information operations directly to the Iranian government, though FireEye said the actors appeared to be advocating for Iranian interests while Facebook and Twitter both […]

The post Middle East-linked social media accounts impersonated U.S. candidates before 2018 elections appeared first on CyberScoop.


‘Typosquatting’ campaign imitated news outlets to spread propaganda for years, report says

Researchers have uncovered a years-long disinformation campaign in which suspected Iranian operatives masqueraded as well-known international media outlets and used fake Twitter accounts to amplify fabricated news articles. The group, dubbed Endless Mayfly, published some 135 news articles on sites meant to look like Bloomberg, The Guardian, The Atlantic, Politico and others, according to findings published Tuesday by Citizen Lab, the team of researchers at the University of Toronto. The group impersonated outlets via a technique known as “typosquatting,” in which it used websites like “theatlatnic.com” instead of “theatlantic.com” to avoid detection. Endless Mayfly would use this method to push anti-Saudi narratives and other fabrications that would be picked up on social media and legitimate news outlets, Citizen Lab said. It also involved the use of 11 Twitter personas since 2016. The effort demonstrates how propagandists have adopted the SEO and social media tactics that media outlets and other organizations […]

The post ‘Typosquatting’ campaign imitated news outlets to spread propaganda for years, report says appeared first on CyberScoop.


Millions of records about Middle Eastern drivers left in an insecure database

Records containing sensitive information on perhaps millions of Iranian drivers were left unsecured in a publicly available database for days, according to security research published Thursday. More than 6.7 million records from 2017 and 2018 were estimated to be exposed in a database discovered by researcher Bob Diachenko. Information included drivers’ first and last names, their Iranian ID numbers stored in plain text, their phone numbers, and other data such as invoice information. The data is now secured, Diachenko told CyberScoop. The actual number of people affected in the breach is likely less than 6.7 million, Diachenko explained, because the database contains multiple files referring to the same people. While the origin of the data remains unclear, Diachenko suggested it may have been stolen from the Iranian ride-hailing companies Snapp and/or TAP30. “[W]e can only guess if this data was part of their infrastructure,” he wrote in a post published Thursday. […]

The post Millions of records about Middle Eastern drivers left in an insecure database appeared first on CyberScoop.


Facebook removes nearly 800 pages for magnifying state media throughout the Middle East

Facebook removed 783 pages, groups and accounts tied to Iran that engaged in “coordinated inauthentic behavior” dating back to 2010, the company said Thursday. Many of the nearly 800 pages magnified content that originated with Iranian state media, such as news stories about relations between Israel and Palestine, the Syrian conflict and the impact of U.S. involvement in international conflicts, Nathaniel Gleicher, Facebook’s head of cybersecurity policy, said in a conference call Thursday. Roughly 2 million accounts followed at least one of these pages, and nearly $30,0000 in advertising spending was tied to the pages in question, Facebook said. Multiple sets of activity specifically targeted users in countries in the Middle East, European Union and Southeast Asia. The company did not directly tie any of the activities in question to the Iranian government. “In this case we can prove this is emanating from actors in Iran,” Gleicher said. “We’re not in a […]

The post Facebook removes nearly 800 pages for magnifying state media throughout the Middle East appeared first on CyberScoop.
