Iran suspected behind cyberattack on Mideast aerospace, telecom firms
[IsraelTimes] Cybereason firm says MalKamak group used Dropbox to issue commands to its Trojan; findings show similarities to previous known Iran-backed hacks.

Security researchers on Wednesday published a report tying cyberattacks on a number of aerospace and telecommunications companies, mainly in the Middle East, to Iranian state-sponsored groups.

MalKamak, a cyberespionage group believed to be tied to other known Iranian government-sponsored groups such as Chafer APT (also known as APT39 or Remix Kitten), was responsible for the recent hack attack, US-Israeli cybersecurity firm Cybereason reported.

The company did not name specific victims, but said they mainly included a "select few" companies in the Middle East, with others in the US, Europa and Russia. Though Israel was not mentioned, Israel’s Channel 12 news reported that Israeli companies were among the list of targets in the Middle East, without providing a source or details.

According to Cybereason, the end goal of the hack was the theft of information about their infrastructure, technology, and critical assets.

The Iranian group used a remote access Trojan called ShellClient, which had been in use since at least 2018, to obtain information from the companies. Cybereason said the threat was still active as of September.

The Trojan itself is controlled via the Dropbox file-sharing platform, which apparently made it difficult to detect.

Commands are sent to the Trojan, which is disguised as a legitimate Microsoft program, to first set it up and identify system information and what antivirus software is installed.

Then, still using Dropbox, the hackers send another set of commands to change the Trojan into a persistent program on the victim’s computer, with administrator privileges.

Cybereason said its team compared its observations with previous campaigns that were attributed to known Iranian actors, "and was able to point out some interesting similarities between ShellClient and previously reported Iranian malware and threat actors."

Numerous suspected Iranian cyberattacks on Israel were reported in recent years, including one that targeted its water infrastructure in 2020.

Israel and Iran have been engaged in a years-long shadow war, with Israel allegedly directing most of its efforts — including multiple suspected cyberattacks — at sabotaging the Islamic Theocratic Republic’s nuclear program.
Posted by: trailing wife 2021-10-07
http://www.rantburg.com/poparticle.php?ID=614546