#2
A Syrian recruiter for a Turkish-backed militia stationed in Libya confirmed that they had sent youths, “under the age of 18 with zero military experience to fight in Libya, due to the increased Turkish intelligence request for Syrian mercenaries in Tripoli.”
Direct Translation via Google Translate. Edited.
[KavkazUzel]\ A military court of appeal upheld the verdict against a Moscow doctor from Dagestan, Alikhan Adzhamatov, who was sentenced to a lengthy term on charges of transferring money to terrorist organizations.
The "Caucasian Knot" has reported that a court in Moscow has heard the case of Alikhan Adzhamatov since September 13, 2020. The defendant denied the allegations of financing terrorism, stating that the money transfers were not intended for terrorists. Witness for the prosecution Solikhov in court completely retracted his testimony against Adzhamatov given during the preliminary investigation.
Prosecution witness Parviz Akhmedov stated that evidence against Adjamatov was falsified. Two witnesses for the defense stated that they were pressured to testify against Adzhamatov. In December 2021, the court sentenced Adzhamatov, who was charged with facilitating terrorist activities, to 17 years in prison. This is too harsh a term, given that Adzhamatov's guilt has not been proven, the lawyers said.
In September 2020, a blogger and journalist from Dagestan, Roman Babaev, announced that he was coerced into giving certain evidence in the case of his acquaintance, Alikhan Adzhamatov, who was accused of facilitating terrorist activities. Babaev was detained upon arrival in Moscow, where he flew as a defense witness.
In August 2021, the defense indicated that all 10 episodes in the case are based on the fact that counterparties with whom Adzhamatov had legal business contacts had indirect ties with those convicted in terrorist cases, the defense pointed out.
A military court in Moscow sentenced Alikhan Adzhamatov to 16 years and 9 months in a penal colony for transferring 59 million rubles to members of the international terrorist organizations "Islamic State" and "Al-Qaeda" banned in the Russian Federation for seven years, the press service of the Federal Security Service of Russia for Moscow reported today and Moscow region.
The investigation established that Adjamatov, sharing the ideology of radical Islam, organized the collection of money and their further transfer to support the activities of members of terrorist organizations in Syria. From 2011 to 2017, he made over 100 translations."According to the ruling of the Military Court of Appeal, A.I. Adzhamatov was found guilty and sentenced to imprisonment for a period of 16 years and 9 months in a strict regime colony. The verdict has entered into force," the UFSB quoted TASS as saying.
[Jpost] Albanian Prime Minister Edi Rama said the group that attacked his country also attacked Israel, Saudi Arabia and the UAE.
Albania announced on Wednesday that it was severing ties with Iran and expelling Iranian diplomats due to a cyberattack it says was conducted by Iranians in July in an attempt to destroy Albania's digital infrastructure.
In the announcement, Albania's Prime Minister Edi Rama stated that after thorough investigations, it was confirmed "with indisputable evidence" that the attack was conducted by Iran.
Rama added that the attack was carried out by four hacker groups that acted in concert, including a "notorious international cyber-terrorist group" which he said has carried out attacks against Israel, Saudi Arabia, UAE, Jordan, Kuwait and Cyprus. The prime minister did not name the groups.
In August, the Mandiant cybersecurity company reported that it had linked the cyberattack against Albania to Iranian hackers.
WHO CLAIMED RESPONSIBILITY FOR THE ATTACK?
While Rama did not name the specific groups responsible for the attack, a group calling itself "HomeLand Justice" published statements, screenshots and information on a Telegram channel and a website using a Russian domain linking itself to the cyberattack in July.
"We performed the #CyberAttacks to express our hatred and anger towards the Albanian government. Foreing (sic.) terrorists and moneylaunderes (sic.) do not belong to owr (sic.) sacred land. Our land is in need of pesticide to be cleansed," wrote the group in a Telegram post.
The group, which presented itself as Albanian, referenced the Mujahedin-e-Khalq (MEK) Iranian-opposition group throughout its messages, complaining that the Albanian government was supporting the MEK.
HomeLand Justice also published files it said contained data from the inboxes of Albanian government officials and offices.
HOW IS HOMELAND JUSTICE LINKED TO IRAN?
According to Mandiant, a ransomware called ROADSWEEP displayed a ransom note reading "Why should our taxes be spent on the benefit of DURRES terrorists?" on computers it infected in the attack. The MEK's Free Iran World Summit was set to be held in July in the town of Manëz in Durrës County.
The HomeLand Justice group's logo appeared identical to the wallpaper used by the ROADSWEEP ransomware. The graphic shows a circle containing lines that look like circuits and the outline of a Star of David, as well as an eagle with its talons pointed towards the star.
It is unclear why the Star of David was used in the logo as the group did not make any references to Jews or the State of Israel in its messaging.
Mandiant found that the attack also used a backdoor called CHIMNEYSWEEP which has likely been used in attacks against Farsi and Arabic speakers since 2012. CHIMNEYSWEEP and ROADSWEEP have a number of pieces of code in common.
CHIMNEYSWEEP operates through a self-extracting archive that contains it and a decoy Excel, Word or video file.
A tool called ZEROCLEARE which corrupts file systems may have also been used in the attack, according to Mandiant.
ZEROCLEARE has been used by Iranian hackers multiple times in recent years, according to multiple reports. Another wiper called Dustman, which has been identified as a very similar offshoot of ZEROCLEARE, was used in an attack on the Bahraini Bapco national oil company in 2019. Although they're very similar, it is unclear if Dustman was made and used by the same groups using ZEROCLEARE.
Mandiant estimated that one or multiple threat actors working for Iran were involved in the cyberattack against Albania due to the timing of the attack ahead of the planned MEK conference, the content of the Telegram group focusing on the MEK and the long history of CHIMNEYSWEEP being used to target Farsi and Arabic speakers.
The cyber security company stressed that the attack was, however, "significantly more complex" than prior CHIMNEYSWEEP operations, adding that this could indicate a cross-team collaboration or other scenarios.
"The use of ransomware to conduct a politically motivated disruptive operation against the government websites and citizen services of a NATO member state in the same week an Iranian opposition groups’ conference was set to take place would be a notably brazen operation by Iran-nexus threat actors," said Mandiant in the report.
"As negotiations surrounding the Iran nuclear deal continue to stall, this activity indicates Iran may feel less restraint in conducting cyber network attack operations going forward. This activity is also a geographic expansion of Iranian disruptive cyber operations, conducted against a NATO member state. It may indicate an increased tolerance of risk when employing disruptive tools against countries perceived to be working against Iranian interests."
So what does this have to do with Israel and other Middle Eastern countries?
According to a report by IBM's X-Force IRIS, ZEROCLEARE was used in a destructive cyberattack in the Middle East. X-Force IRIS estimated that an Iranian group known as the ITG13 threat group or APT34/OilRig and at least one other group likely based out of Iran collaborated on that attack.
Attacks by APT34 have also used decoy Word documents to infect computer systems in past attacks, according to the Israeli CheckPoint cybersecurity company.
A Russian threat actor called ITG12 or Turla also has access to tools used by APT34, according to X-Force IRIS. Turla has used APT34's infrastructure to carry out its own attacks, seemingly without explicit cooperation or agreement by the Iranian group, according to the US National Security Agency (NSA) and GCHQ's National Cyber Security Centre.
While it is still unclear if APT34 was the group behind the attack against Albania, tools it is has been linked to were used in the attack which has been linked to Iran.
APT34 has attacked targets in a number of countries, including Lebanon, Jordan and Israel, among others, according to a multitude of reports by cybersecurity companies.
The countries targeted by ZEROCLEARE and APT34 in the past seems to largely line up with the list of targeted countries stated by the Armenian prime minister, although no publicly reported attacks in Cyprus have been linked to APT34 or ZEROCLEARE.
Iranian cyber attacks have repeatedly targeted civilian facilities in the past.
In 2020, Iran-backed hackers reportedly attempted to attack and sabotage Israeli water and sewage facilities. Attacks attributed to Iran-backed hackers have also targeted medical facilities in Israel.
Posted by: Skidmark ||
09/08/2022 07:07 ||
Comments ||
Link ||
[9 views]
Top|| File under: Govt of Iran
#1
CHIMNEYSWEEP operates through a self-extracting archive that contains it and a decoy Excel, Word or video file.
Tempting for morons who think they can get Excel and Word for free.
Posted by: Abu Uluque ||
09/08/2022 13:11 Comments ||
Top||
[FoxNews] The UN's International Atomic Energy Agency released a report outlining the progress Iran's nuclear program has made, warning that the agency cannot determine that the country's nuclear aims are "exclusively peaceful."
"The Agency is not in a position to provide assurance that Iran's nuclear programme is exclusively peaceful," said the report released Wednesday, according to Reuters.
The report comes as the Biden administration reportedly closed in on a renewed nuclear deal with Iran in recent weeks, though talks have stalled in the last 24 hours and the European Union's chief negotiator has attempted to downplay speculation that a deal could be close.
Posted by: NoMoreBS ||
09/08/2022 00:00 ||
Comments ||
Link ||
[8 views]
Top|| File under: Govt of Iran
#1
Sorta like "mostly peaceful" riots...
Posted by: M. Murcek ||
09/08/2022 8:31 Comments ||
Top||
#5
When there's a leaked report that DJT had some nuclear documents, it's maximum vapors and all hands to the pump. But it's quiet as a mouse as the Mad Mullahs progress toward getting actual nukes.
Posted by: Matt ||
09/08/2022 16:01 Comments ||
Top||
A multi-volume chronology and reference guide set detailing three years of the Mexican Drug War between 2010 and 2012.
Rantburg.com and borderlandbeat.com correspondent and author Chris Covert presents his first non-fiction work detailing
the drug and gang related violence in Mexico.
Chris gives us Mexican press dispatches of drug and gang war violence
over three years, presented in a multi volume set intended to chronicle the death, violence and mayhem which has
dominated Mexico for six years.
Rantburg was assembled from recycled algorithms in the United States of America. No
trees were destroyed in the production of this weblog. We did hurt some, though. Sorry.
[FoxNews] The UN's International Atomic Energy Agency released a report outlining the progress Iran's nuclear program has made, warning that the agency cannot determine that the country's nuclear aims are "exclusively peaceful."
