U.S. Cyber Command shares new samples of suspected Iranian hacking software

U.S. Cyber Command posted more than a dozen malware samples to a public repository Wednesday, saying that if network administrators see two or more of these samples on their systems, they may have been targeted by Iranian military hackers. The samples, posted to VirusTotal early Wednesday afternoon, represent various “open-source tools Iranian intelligence actors are using in networks around the world,” the military agency said in a statement. It’s Cyber Command’s first VirusTotal upload in nine months, according to the agency’s page on the site. Referring to the actors as “MuddyWater” — the moniker applied to some suspected Iranian government hacking activities dating back to at least 2015 — Cyber Command’s Cyber National Mission Force shared the samples “to better enable defense” against the attackers. Wednesday’s statement refers to MuddyWater as “a subordinate element” within the Iranian Ministry of Intelligence and Security (MOIS), an arm of the security apparatus focused on […]

The post U.S. Cyber Command shares new samples of suspected Iranian hacking software appeared first on CyberScoop.

Suspected espionage campaign targets telecoms, IT service firms in Middle East

Hackers targeted a string of telecommunication operators and IT service organizations in the Middle East and Asia over the last six months, according to research published Tuesday. The suspected espionage activity targeted organizations in Israel, Jordan, Kuwait, Saudi Arabia, the United Arab Emirates, Pakistan, Thailand, and Laos, according to the research from Symantec’s Threat Hunter Team. The “targeting and tactics are consistent with Iranian-sponsored actors,” researchers noted, but stopped short of tying the activity to the Iranian government. Some of the evidence shows a link to Seedworm — otherwise known as MuddyWater — a prolific hacking group with suspected ties to Iran known for concerted espionage efforts dating back to at least 2015. The group previously threatened to kill security researchers who stumbled across one of its command-and-control servers. Its operators have also focused on academia and the tourism industry in multiple countries earlier this year, and governments and other […]

The post Suspected espionage campaign targets telecoms, IT service firms in Middle East appeared first on CyberScoop.

Microsoft Zerologon Flaw Under Attack By Iranian Nation-State Actors

Microsoft warns that the MERCURY APT has been actively exploiting CVE-2020-1472 in campaigns for the past two weeks.

Middle East group goes on hacking spree against telecoms, embassies and more

A group likely operating out of the Middle East has compromised 131 victims in 30 organizations since September, including telecommunications firms, a Russian oil and gas company and unidentified government embassies, new research shows. The hackers have hit organizations in Pakistan, Russia, Saudi Arabia, Turkey, and North America, among other places, in an espionage operation designed to acquire “actionable information” on targets, cybersecurity company Symantec said Monday. After breaching a system, the group runs a password-stealing program with the likely aim of accessing victims’ email and social media accounts, researchers found. The group, dubbed Seedworm by Symantec and MuddyWater by others, gained notoriety earlier this year for threatening to kill security researchers investigating it. That followed a spearphishing campaign from January to March against government and defense organizations in Central and Southwest Asia, which cybersecurity company FireEye documented. While there has been no definitive public attribution of MuddyWater, Ben Read, FireEye’s senior manager […]

The post Middle East group goes on hacking spree against telecoms, embassies and more appeared first on CyberScoop.
