‘Typosquatting’ campaign imitated news outlets to spread propaganda for years, report says

Researchers have uncovered a years-long disinformation campaign in which suspected Iranian operatives masqueraded as well-known international media outlets and used fake Twitter accounts to amplify fabricated news articles. The group, dubbed Endless Mayfly, published some 135 news articles on sites meant to look like Bloomberg, The Guardian, The Atlantic, Politico and others, according to findings published Tuesday by Citizen Lab, the research team at the University of Toronto. The group impersonated outlets via a technique known as “typosquatting,” registering look-alike domains such as “theatlatnic.com” in place of “theatlantic.com” so that readers would mistake the fake site for the real one. Endless Mayfly used this method to push anti-Saudi narratives and other fabrications that were then picked up on social media and by legitimate news outlets, Citizen Lab said. The campaign also involved 11 Twitter personas active since 2016. The effort demonstrates how propagandists have adopted the SEO and social media tactics that media outlets and other organizations […]

The post ‘Typosquatting’ campaign imitated news outlets to spread propaganda for years, report says appeared first on CyberScoop.

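The look-alike domains described above (a transposed pair of letters in an outlet's name) are exactly what a brand-monitoring check is built to catch. The following is an added example, not code from Citizen Lab or CyberScoop: it scores candidate domains against a list of protected outlet names with the optimal-string-alignment variant of Damerau-Levenshtein distance, which counts an adjacent transposition such as “tn” for “nt” as a single edit, and flags anything within two edits of a protected label (including an identical label under a different TLD). The outlet list comes from the article; the candidate list is constructed here, and only “theatlatnic.com” is a domain the report itself names.

```python
"""Flag look-alike (typosquatted) domains against a list of protected brand domains.

Added example: the candidate domains below are constructed for this demonstration;
only theatlatnic.com is taken from the Citizen Lab report discussed in the text.
"""

# Legitimate outlets named in the article (registrable domains).
PROTECTED = ["theatlantic.com", "bloomberg.com", "theguardian.com", "politico.com"]

# Constructed candidates, e.g. from a certificate-transparency or new-domain feed.
CANDIDATES = [
    "theatlatnic.com",   # adjacent transposition (named in the report)
    "bloomberg.co",      # constructed: same label, truncated TLD
    "thegaurdian.com",   # constructed: adjacent transposition
    "politlco.com",      # constructed: single substitution
    "example.org",       # constructed: unrelated control
]


def damerau_levenshtein(a: str, b: str) -> int:
    """Optimal-string-alignment distance: insert, delete, substitute, or swap adjacent chars."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(
                d[i - 1][j] + 1,         # deletion
                d[i][j - 1] + 1,         # insertion
                d[i - 1][j - 1] + cost,  # substitution / match
            )
            # Adjacent transposition counts as one edit (the "theatlatnic" case).
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def registrable_label(domain: str) -> str:
    """Second-level label, e.g. 'theatlantic' from 'theatlantic.com'.

    Naive split on dots; a production check should consult the Public Suffix List
    so that 'example.co.uk' yields 'example' rather than 'co'.
    """
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def find_lookalikes(candidates, protected=PROTECTED, max_distance=2):
    """Return (candidate, closest_protected_domain, distance) for each look-alike.

    A candidate is reported when its label is within max_distance edits of a
    protected label and the full domain is not the protected domain itself, so a
    correct label under the wrong TLD (bloomberg.co) is reported at distance 0.
    """
    hits = []
    for cand in candidates:
        cand_label = registrable_label(cand)
        closest, best = None, None
        for prot in protected:
            dist = damerau_levenshtein(cand_label, registrable_label(prot))
            if best is None or dist < best:
                closest, best = prot, dist
        if cand.lower() != closest and best <= max_distance:
            hits.append((cand, closest, best))
    return hits


if __name__ == "__main__":
    for cand, prot, dist in find_lookalikes(CANDIDATES):
        print(f"{cand:<20} looks like {prot:<18} (distance {dist})")
```

A two-edit threshold is a reasonable default for labels of this length but will over-match short brand names, so tune it per label length or require the candidate to share the protected label's first few characters. Candidate generation is the harder half of the job in practice: feed the checker from certificate transparency logs, passive DNS, or newly-registered-domain lists rather than hand-picked strings.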

Millions of records about Middle Eastern drivers left in an insecure database

Records containing sensitive information on perhaps millions of Iranian drivers were left unsecured in a publicly accessible database for days, according to security research published Thursday. More than 6.7 million records from 2017 and 2018 were estimated to be exposed in a database discovered by researcher Bob Diachenko. The information included drivers’ first and last names, their Iranian ID numbers stored in plain text, their phone numbers, and other data such as invoice information. The data is now secured, Diachenko told CyberScoop. The actual number of people affected by the exposure is likely less than 6.7 million, Diachenko explained, because the database contains multiple files referring to the same people. While the origin of the data remains unclear, Diachenko suggested it may have been taken from the Iranian ride-hailing companies Snapp and/or TAP30. “[W]e can only guess if this data was part of their infrastructure,” he wrote in a post published Thursday. […]

The post Millions of records about Middle Eastern drivers left in an insecure database appeared first on CyberScoop.


Facebook removes nearly 800 pages for magnifying state media throughout the Middle East

Facebook removed 783 pages, groups and accounts tied to Iran that engaged in “coordinated inauthentic behavior” dating back to 2010, the company said Thursday. Many of the nearly 800 pages amplified content that originated with Iranian state media, such as news stories about relations between Israel and Palestine, the Syrian conflict and the impact of U.S. involvement in international conflicts, Nathaniel Gleicher, Facebook’s head of cybersecurity policy, said in a conference call Thursday. Roughly 2 million accounts followed at least one of these pages, and nearly $30,000 in advertising spending was tied to the pages in question, Facebook said. Multiple sets of activity specifically targeted users in countries in the Middle East, the European Union and Southeast Asia. The company did not directly tie any of the activities in question to the Iranian government. “In this case we can prove this is emanating from actors in Iran,” Gleicher said. “We’re not in a […]

The post Facebook removes nearly 800 pages for magnifying state media throughout the Middle East appeared first on CyberScoop.


FireEye: New APT goes after individual targets by hitting telecom, travel companies

A newly identified threat group linked to Iran is surveilling specific individuals of interest by stealing data primarily from companies in the telecommunications and travel industries, according to a report FireEye published Tuesday. FireEye is adding the group to its list of advanced persistent threats as APT39. While not outright saying the group is state-sponsored, researchers said that APT39 appears to be acting in support of Iranian state interests. That assessment is based on the group’s toolset overlap with other Iran-linked groups such as APT33, APT34, Newscaster and Chafer. Still, FireEye says APT39’s apparent objective and its choice of malware variants warrant classifying it as a new group. “APT39’s focus on the telecommunications and travel industries suggests intent to perform monitoring, tracking, or surveillance operations against specific individuals that serve strategic requirements related to Iran’s strategic national priorities,” Cristiana Kittner, principal analyst for cyber-espionage analysis at FireEye, told CyberScoop by email. It’s […]

The post FireEye: New APT goes after individual targets by hitting telecom, travel companies appeared first on CyberScoop.


DarkHydrus Phishery tool spreading malware using Google Drive

By Waqas
DarkHydrus is back in action with a new variant of the RogueRobin malware, targeting Middle Eastern politicians by abusing Google Drive. The primary focus of cybercriminals nowadays is to use the infrastructure of genuine services in their attacks …

Middle East group goes on hacking spree against telecoms, embassies and more

A group likely operating out of the Middle East has compromised 131 victims in 30 organizations since September, including telecommunications firms, a Russian oil and gas company and unidentified government embassies, new research shows. The hackers have hit organizations in Pakistan, Russia, Saudi Arabia, Turkey, and North America, among other places, in an espionage operation designed to acquire “actionable information” on targets, cybersecurity company Symantec said Monday. After breaching a system, the group runs a password-stealing program with the likely aim of accessing victims’ email and social media accounts, researchers found. The group, dubbed Seedworm by Symantec and MuddyWater by others, gained notoriety earlier this year for threatening to kill security researchers investigating it. That followed a spearphishing campaign from January to March against government and defense organizations in Central and Southwest Asia, which cybersecurity company FireEye documented. While there has been no definitive public attribution of MuddyWater, Ben Read, FireEye’s senior manager […]

The post Middle East group goes on hacking spree against telecoms, embassies and more appeared first on CyberScoop.
