From 12 to 21: how we discovered connections between the Twelve and BlackJack groups

An investigation of BlackJack’s software, TTPs, and motivations led Kaspersky experts to identify a possible connection with the Twelve group.

Microsoft: Iranian espionage campaign targeted satellite and defense sectors

Tehran’s latest hacking activity involves easy-to-detect techniques to gain access and then pivoting to stealthier methods.

The post Microsoft: Iranian espionage campaign targeted satellite and defense sectors appeared first on CyberScoop.


Suspected Iranian hackers pose as ransomware operators to target Israeli organizations

Ever since a 2012 hack that disabled tens of thousands of computers at oil giant Saudi Aramco, suspected Iranian operatives have been known to regularly use data-wiping hacks against organizations throughout the Middle East. Now, one such possible group has been posing as ransomware operators in an effort to conceal the origin of a series of data-wiping hacks against Israeli organizations, according to private-sector investigators. The hackers are demanding extortion fees even when the code they deploy deletes data rather than unlocks it. The findings, published Tuesday by security firm SentinelOne, suggest a growing willingness by certain Iran-linked hacking groups to use tactics associated with financially motivated criminals in order to advance their interests. “Deploying ransomware is a disruptive act that provides deniability, allowing the attackers to conduct destructive activity without taking the full responsibility of those acts,” said Amitai Ben Shushan Ehrlich, a threat intelligence researcher at SentinelOne. SentinelOne […]

The post Suspected Iranian hackers pose as ransomware operators to target Israeli organizations appeared first on CyberScoop.


Iranian hackers hit Israel with disk wiper in disguise of ransomware

By Deeba Ahmed
According to SentinelOne, Iranian hackers have developed a combo of disk wiper and ransomware and their target is Israel.
This is a post from HackRead.com.

IBM sounds alarm about more data-wiping malware from Iran

IBM’s security experts said Wednesday they have uncovered previously unknown malware developed by Iranian hackers that was used in a data-wiping attack against unnamed energy and industrial organizations in the Middle East. The newfound malware, dubbed ZeroCleare, “spread to numerous devices on the affected network, sowing the seeds of a destructive attack that could affect thousands of devices and cause disruption that could take months to fully recover from,” Limor Kessem, an Israel-based analyst with IBM’s X-Force incident response team, wrote in a blog post. The discovery adds to years of evidence that hackers linked to the Iranian government have developed and deployed data-destroying code against multiple targets in the Middle East. Security analysts have warned that Iran could step up its use of cyberattacks amid heightened tensions with Saudi Arabia and the United States. IBM analysts believe APT34 — a hacking group linked with the Iranian government — and at least one […]

The post IBM sounds alarm about more data-wiping malware from Iran appeared first on CyberScoop.


ZeroCleare Malware Targeting Energy, Industrial Sectors in Middle East

Researchers have detected a new malware family called “ZeroCleare” that’s targeting the energy and industrial sectors in the Middle East. IBM X-Force Incident Response and Intelligence Services (IRIS) launched an investigation into Ze…

Firmware Bugs Plague Server Supply Chain, 7 Vendors Impacted

Lenovo, Acer and five additional server manufacturers are hit with supply-chain bugs buried in motherboard firmware.

Why Cyber Command’s latest warning is a win for the government’s information sharing efforts

When U.S. Cyber Command warned last week that a hacking group was using a Microsoft Outlook vulnerability previously leveraged by an Iran-linked malware campaign, it appeared to be signaling just how much the military knows about those operations. But the alert was significant in other ways: behind-the-scenes details uncovered by CyberScoop show that it is an example of how the U.S. government has built up its use of the information-sharing platform VirusTotal so the private sector gets more information sooner. Along with Cyber Command’s warning, which also was shared in a tweet, the Department of Homeland Security (DHS) released its own private warning to industry, CyberScoop has learned. The department’s traffic light protocol (TLP) alert covered the same threat that Cyber Command would eventually post to VirusTotal. In going public with the malicious files, Cyber Command appears to have revealed new information about how Iran-linked actors leveraged another malware family, known as Shamoon, as recently as 2017, according to Chronicle, which owns VirusTotal. Not only is it […]

The post Why Cyber Command’s latest warning is a win for the government’s information sharing efforts appeared first on CyberScoop.
