Apr 18, 2023Ravie LakshmananCyber Threat / Malware The Iranian threat actor known as MuddyWater is continuing its time-tested tradition of relying on legitimate remote administration tools to commandeer targeted systems. While the nation-state group has previously employed ScreenConnect, RemoteUtilities, and Syncro, a new analysis from Group-IB has revealed the adversary's … [Read more...] about Iranian Hackers Using SimpleHelp Remote Support Software for Persistent Access
Iranian
Iranian APT42 Launched Over 30 Espionage Attacks Against Activists and Dissidents
A state-sponsored advanced persistent threat (APT) actor newly christened APT42 (formerly UNC788) has been attributed to over 30 confirmed espionage attacks against individuals and organizations of strategic interest to the Iranian government at least since 2015. Cybersecurity firm Mandiant said the group operates as the intelligence gathering arm of Iran's Islamic … [Read more...] about Iranian APT42 Launched Over 30 Espionage Attacks Against Activists and Dissidents
Iranian Hackers Exploiting Unpatched Log4j 2 Bugs to Target Israeli Organizations
Iranian state-sponsored actors are leaving no stone unturned to exploit unpatched systems running Log4j to target Israeli entities, indicating the vulnerability's long tail for remediation. Microsoft attributed the latest set of activities to the umbrella threat group tracked as MuddyWater (aka Cobalt Ulster, Mercury, Seedworm, or Static Kitten), which is linked to the Iranian … [Read more...] about Iranian Hackers Exploiting Unpatched Log4j 2 Bugs to Target Israeli Organizations
Google Uncovers Tool Used by Iranian Hackers to Steal Data from Email Accounts
The Iranian government-backed actor known as Charming Kitten has added a new tool to its malware arsenal that allows it to retrieve user data from Gmail, Yahoo!, and Microsoft Outlook accounts. Dubbed HYPERSCRAPE by Google Threat Analysis Group (TAG), the actively in-development malicious software is said to have been used against less than two dozen accounts in Iran, with the … [Read more...] about Google Uncovers Tool Used by Iranian Hackers to Steal Data from Email Accounts
Iranian Hackers likely Behind Disruptive Cyberattacks Against Albanian Government
A threat actor working to further Iranian goals is said to have been behind a set of disruptive cyberattacks against Albanian government services in mid-July 2022. Cybersecurity firm Mandiant said the malicious activity against a NATO state represented a "geographic expansion of Iranian disruptive cyber operations." The July 17 attacks, according to Albania's National Agency of … [Read more...] about Iranian Hackers likely Behind Disruptive Cyberattacks Against Albanian Government
Iranian Hackers Leveraging BitLocker and DiskCryptor in Ransomware Attacks
A ransomware group with an Iranian operational connection has been linked to a string of file-encrypting malware attacks targeting organizations in Israel, the U.S., Europe, and Australia. Cybersecurity firm Secureworks attributed the intrusions to a threat actor it tracks under the moniker Cobalt Mirage, which it said is linked to an Iranian hacking crew dubbed Cobalt Illusion … [Read more...] about Iranian Hackers Leveraging BitLocker and DiskCryptor in Ransomware Attacks
Iranian Hackers Targeting Turkey and Arabian Peninsula in New Malware Campaign
The Iranian state-sponsored threat actor known as MuddyWater has been attributed to a new swarm of attacks targeting Turkey and the Arabian Peninsula with the goal of deploying remote access trojans (RATs) on compromised systems. "The MuddyWater supergroup is highly motivated and can use unauthorized access to conduct espionage, intellectual property theft, and deploy … [Read more...] about Iranian Hackers Targeting Turkey and Arabian Peninsula in New Malware Campaign
U.S., U.K. and Australia Warn of Iranian Hackers Exploiting Microsoft, Fortinet Flaws
Cybersecurity agencies from Australia, the U.K., and the U.S. on Wednesday released a joint advisory warning of active exploitation of Fortinet and Microsoft Exchange ProxyShell vulnerabilities by Iranian state-sponsored actors to gain initial access to vulnerable systems for follow-on activities, including data exfiltration and ransomware. The threat actor is believed to have … [Read more...] about U.S., U.K. and Australia Warn of Iranian Hackers Exploiting Microsoft, Fortinet Flaws
Iranian Hackers Abuse Dropbox in Cyberattacks Against Aerospace and Telecom Firms
Details have emerged about a new cyber espionage campaign directed against the aerospace and telecommunications industries, primarily in the Middle East, with the goal of stealing sensitive information about critical assets, organizations' infrastructure, and technology while remaining in the dark and successfully evading security solutions. Boston-based cybersecurity company … [Read more...] about Iranian Hackers Abuse Dropbox in Cyberattacks Against Aerospace and Telecom Firms
Researchers Uncover Iranian State-Sponsored Ransomware Operation
Iran has been linked to yet another state-sponsored ransomware operation through a contracting company based in the country, according to new analysis. "Iran's Islamic Revolutionary Guard Corps (IRGC) was operating a state-sponsored ransomware campaign through an Iranian contracting company called 'Emen Net Pasargard' (ENP)," cybersecurity firm Flashpoint said in its findings … [Read more...] about Researchers Uncover Iranian State-Sponsored Ransomware Operation