Hacking group threatens researchers’ lives after they discover attack servers

A hacking group commonly linked to the Iranian government threatened to kill security researchers who came across their cyber espionage operation, according to a new report. Researchers with multinational cybersecurity company Trend Micro were probing a server that appeared connected to a possible data breach in the Middle East when they received a message that read: “Stop!!! I Kill You Researcher.” The server, used by a group known as “MuddyWaters,” later proved to be the attacker’s command and control (C&C) infrastructure. The infrastructure had been used to launch several attacks against multiple Middle Eastern and Central Asian government institutions, research shows. “It seems that the attackers are actively monitoring the incoming connections to the C&C,” a blog by Trend Micro reads. “In one of our attempts, we sent an improper request to the C&C server, which replied with the following message: ‘Stop!!! I Kill You Researcher.’ This level of personalized messaging […]

The post Hacking group threatens researchers’ lives after they discover attack servers appeared first on Cyberscoop.


ISPs inside Turkey and Egypt spread FinFisher spyware in massive espionage campaign

An expansive and ongoing computer espionage campaign spread across Egypt, Turkey and Syria has been powered by technology developed by a Canadian-American networking company, SandVine, and an infamous spyware maker known as GammaGroup or Lench IT Solutions, security researchers say. New research by human rights advocacy organization Citizen Lab shows how products made by two Western technology contractors facilitated nationwide surveillance in multiple developing countries under authoritarian rule. The findings piggyback on prior reporting by a Slovakian cybersecurity company, which also discovered similar “man-in-the-middle” cyberattacks at the internet service provider (ISP) level in September and December. People getting online through local ISPs in Egypt, Turkey and Syria were tricked into installing highly intrusive spyware that allows the attacker to gain full access to an infected device, including its microphone and camera. Whenever targeted users in Turkey attempted to access certain websites to install free software, they were instead covertly served up a nearly identical but booby-trapped […]

The post ISPs inside Turkey and Egypt spread FinFisher spyware in massive espionage campaign appeared first on Cyberscoop.


Telegram zero day used to spread cryptomining malware

A zero-day vulnerability in the popular encrypted messaging app Telegram has subjected affected users to remote cryptomining for months, according to research released Tuesday by Kaspersky Lab. The vulnerability is in the chat app’s Windows client, Kaspersky researcher Alexey Firsh writes. The weakness is specifically in the way Telegram handles a Unicode character that reverses the direction of text in the app. A hacker sends a victim what appears to be a .png image attachment. As a result of trickery with the Unicode character, it is actually a JavaScript file that installs malware on the victim’s system. Kaspersky found that the vulnerability has been exploited to mine cryptocurrency such as Monero, Zcash and Fantomcoin on a victim’s computer. In some cases, the zero day was used to deploy spyware or remote control malware. Firsh writes that Kaspersky doesn’t know exactly which versions of Telegram have been affected in the past, […]

The post Telegram zero day used to spread cryptomining malware appeared first on Cyberscoop.


Schneider Electric: Trisis leveraged zero-day flaw, used a RAT

Multinational energy technology company Schneider Electric revealed new details Thursday about a historic breach in which hackers were able to halt operations at an energy plant in the Middle East by deploying highly sophisticated malware. The latest revelations, which were publicly announced at an industrial control systems cybersecurity conference, show that Trisis leveraged a zero-day vulnerability in Schneider Electric’s Triconex Tricon safety-controller firmware. The vulnerability allowed for privilege escalation, which would allow hackers to manipulate emergency shutdown systems during a targeted attack. In addition, there was a remote access trojan (RAT) within Trisis, providing attackers with a wide array of options, including the ability to turn off industrial equipment or sabotage the safety controllers in order to create unsafe conditions. The RAT is the first designed specifically to impact safety-instrumented systems, allowing someone to access the highest privileges available on a targeted machine. In this case, the RAT was injected directly into […]

The post Schneider Electric: Trisis leveraged zero-day flaw, used a RAT appeared first on Cyberscoop.


Triton Malware Targets Industrial Control Systems in Middle East

Malware intended for a “high-impact” attack against safety systems likely would have caused physical damage to a targeted company located in the Middle East.

New Targeted Attack in the Middle East by APT34, a Suspected Iranian Threat Group, Using CVE-2017-11882 Exploit

Less than a week after Microsoft issued a patch for CVE-2017-11882 on Nov. 14, 2017, FireEye observed an attacker using an exploit for the Microsoft Office vulnerability to target a government organization in the Middle East. We assess this activ…

In-progress email threads were hacked to spearphish private companies, report says

A newly identified spearphishing campaign targeting banks, companies and individuals across Eurasia wielded particularly effective tactics and malware, according to new research published by the cybersecurity firm Palo Alto Networks. The ongoing campaign has several eyebrow-raising but ultimately inconclusive links to previous attacks that could be the work of North Korean hackers, the researchers say. Attackers in a campaign dubbed “FreeMilk” compromised email accounts tied to a legitimate domain and then hijacked already ongoing conversations in order to send spearphishing messages to targets, the researchers say. The targeted victims include a Middle Eastern bank, European trademark and intellectual property service companies and specific but unidentified individuals connected to a country in “North East Asia.” Palo Alto Networks declined to share more information. Hijacking ongoing conversations makes identifying spearphishing more difficult. People are trained to look out for unfamiliar email addresses and unsolicited emails as red flags for phishing, but just another reply in an already existing […]

The post In-progress email threads were hacked to spearphish private companies, report says appeared first on Cyberscoop.


What we know (and don’t know) about a rash of Middle East mystery hacks

A spate of apparent security breaches has intensified what was already a tense geopolitical situation among the Persian Gulf states. Over the last two weeks, the following incidents have allegedly occurred: a Qatari government media outlet was supposedly hacked to plant bogus quotes attributed to current Qatari Emir Sheikh Tamim; damaging emails belonging to the UAE’s ambassador to the U.S., Yousef Al-Otaiba, were leaked; and someone hacked the Twitter account of Bahrain’s Foreign Minister Khalid Al Khalifa to post propaganda associated with a Shiite militant group. Evidence is lacking for some of those claims, and the degree to which the events are related is not clear, but hackers are taking the blame, and the allegations alone have been enough to amplify tensions. All three storylines have been prominent in regional press outlets and are now being used as supporting evidence for the breakdown of relations between Qatar and the other Gulf Cooperation Council (GCC) nations. […]

The post What we know (and don’t know) about a rash of Middle East mystery hacks appeared first on Cyberscoop.
