Android-based espionage campaign in the Middle East targets military data

A newly uncovered espionage campaign in the Middle East has infected more than 660 Android phones, and much of the stolen data appears to be “military-related,” researchers from cybersecurity company Trend Micro said Tuesday. The malware in question is highly invasive, posing as popular news and lifestyle apps to suck up a target phone’s call logs and records, text messages, and storage and memory details, among other data. Attackers aren’t using the Google Play store, a sometimes popular receptacle for malicious apps. Instead, the host website for the malware is being promoted via social media channels, according to Trend Micro. One feature of the malware even allows the operator to take a photo from an infected phone when the device’s owner “wakes” it in locked mode. Analysts did not pin the so-called “Bouncing Golf” spying operation on any group or person, but said the structure of the code used and the data targeted […]

The post Android-based espionage campaign in the Middle East targets military data appeared first on CyberScoop.

Middle East-linked social media accounts impersonated U.S. candidates before 2018 elections

Social media users with ties to Iran are shifting their disinformation efforts by imitating real people, including U.S. congressional candidates, according to research published Tuesday. FireEye’s Threat Intelligence team said it had uncovered Twitter accounts that impersonated Republican congressional candidates in the buildup to the 2018 midterm elections, posting on politics and other topics. In some cases, FireEye suspects the actors were also able to have materials published in U.S. and Israeli media outlets. In a related announcement Tuesday, Facebook announced a takedown of fake accounts on Facebook and Instagram emanating from Iran that appeared to focus on outreach to policymakers. Facebook said the accounts and linked personas at times imitated legitimate news organizations in the Middle East and at other times purported to be journalists. Neither company attributed the information operations directly to the Iranian government, though FireEye said the actors appeared to be advocating for Iranian interests while Facebook and Twitter both […]

‘Typosquatting’ campaign imitated news outlets to spread propaganda for years, report says

Researchers have uncovered a years-long disinformation campaign in which suspected Iranian operatives masqueraded as well-known international media outlets and used fake Twitter accounts to amplify fabricated news articles. The group, dubbed Endless Mayfly, published some 135 news articles on sites meant to look like Bloomberg, The Guardian, The Atlantic, Politico and others, according to findings published Tuesday by Citizen Lab, the team of researchers at the University of Toronto. The group impersonated outlets via a technique known as “typosquatting,” in which it used websites like “theatlatnic.com” instead of “theatlantic.com” to avoid detection. Endless Mayfly used this method to push anti-Saudi narratives and other fabrications that would be picked up on social media and by legitimate news outlets, Citizen Lab said. The campaign also involved the use of 11 Twitter personas since 2016. The effort demonstrates how propagandists have adopted the SEO and social media tactics that media outlets and other organizations […]

Millions of records about Middle Eastern drivers left in an insecure database

Records containing sensitive information on perhaps millions of Iranian drivers were left unsecured in a publicly available database for days, according to security research published Thursday. More than 6.7 million records from 2017 and 2018 were estimated to be exposed in a database discovered by researcher Bob Diachenko. The information included drivers’ first and last names, their Iranian ID numbers stored in plain text, their phone numbers, and other data such as invoice information. The data is now secured, Diachenko told CyberScoop. The actual number of people affected in the breach is likely less than 6.7 million, Diachenko explained, because the database contains multiple files referring to the same people. While the origin of the data remains unclear, Diachenko suggested it may have been stolen from the Iranian ride-hailing companies Snapp and/or TAP30. “[W]e can only guess if this data was part of their infrastructure,” he wrote in a post published Thursday. […]

Facebook removes nearly 800 pages for magnifying state media throughout the Middle East

Facebook removed 783 pages, groups and accounts tied to Iran that engaged in “coordinated inauthentic behavior” dating back to 2010, the company said Thursday. Many of the nearly 800 pages magnified content that originated with Iranian state media, such as news stories about relations between Israel and Palestine, the Syrian conflict and the impact of U.S. involvement in international conflicts, Nathaniel Gleicher, Facebook’s head of cybersecurity policy, said in a conference call Thursday. Roughly 2 million accounts followed at least one of these pages, and nearly $30,000 in advertising spending was tied to the pages in question, Facebook said. Multiple sets of activity specifically targeted users in countries in the Middle East, European Union and Southeast Asia. The company did not directly tie any of the activities in question to the Iranian government. “In this case we can prove this is emanating from actors in Iran,” Gleicher said. “We’re not in a […]

FireEye: New APT goes after individual targets by hitting telecom, travel companies

A newly identified threat group linked to Iran is surveilling specific individuals of interest by stealing data primarily from companies in the telecommunications and travel industries, according to a report from FireEye published Tuesday. FireEye is adding the group to its list of advanced persistent threats as APT39. While not outright saying the group is state-sponsored, researchers said that APT39 appears to be acting in support of Iranian state interests. That assessment is based on the group’s toolset overlap with other Iran-linked groups like APT33, APT34, Newscaster and Chafer. Still, FireEye says APT39’s apparent objective and its choices of malware variants warrant classifying it as a new group. “APT39’s focus on the telecommunications and travel industries suggests intent to perform monitoring, tracking, or surveillance operations against specific individuals that serve strategic requirements related to Iran’s strategic national priorities,” Cristiana Kittner, FireEye principal analyst of cyber-espionage analysis, told CyberScoop by email. It’s […]
