iran (34)

13142861064?profile=RESIZE_400xResearchers recently discovered that suspected Iranian hackers impersonated recruiters on LinkedIn to target the aerospace industry in a new espionage campaign.  So-called “fake worker” schemes are typically associated with North Korean threat actors.  However, the Israel-based cybersecurity company ClearSky has attributed this latest campaign to the Iranian operation tracked as TA455, likely a subgroup of the Iranian government cyberwarfare group Charming Kitten.[1]

Researchers suggest that TA4

13031403256?profile=RESIZE_400xIranian hackers are acting as Initial Access Brokers (IAB), selling access to critical infrastructure organizations in the West to the highest bidder.  A joint security advisory recently published by the US Cybersecurity and Infrastructure Agency (CISA), together with the FBI, NSA, the Communications Security Establishment Canada (CSE), the Australian Federal Police (AFP), and Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ASCS), claims Iranian threat actors are activel

13027416478?profile=RESIZE_400xDespite current of law enforcement action to take down ransomware gangs, Secureworks has observed a 30% year-on-year rise in active ransomware groups.   In the eighth edition of the Secureworks annual State of The Threat Report[1], the firm identified 31 new groups that had entered the ransomware ecosystem in the last 12 months.  The report noted that while a few big players had previously dominated the threat landscape, it is now home to a broader set of emerging entities.[2]

The top four most

12950866454?profile=RESIZE_400xIn the months before his attackers tracked him down, the exiled Iranian journalist had been moved in and out of safe houses by London’s Metropolitan Police, given a secret way to signal rescue units and had monitoring devices installed in his home.

British authorities had done even more to protect Iran International, the London-based satellite news channel that airs the weekly program of the journalist, Pouria Zeraati, and has built an audience of millions in Iran despite being outlawed by the I

12859085857?profile=RESIZE_400xAs the US National Elections are coming quickly, all US eyes are on Russia and Iran to watch for an increase of cyber-attacks, aimed at the election process.  Russia remains the top source of troll networks disrupted on Facebook and Instagram, with Iran close behind, according to a threat report by social media giant Meta.  The company’s latest quarterly review, released on Thursday, states it has disrupted 39 covert influence operations originating in Russia since 2017, followed by 30 from Iran

12790441095?profile=RESIZE_400xIranian state-backed actors have sought to access senior US political figures’ email accounts and launched “covert news sites” aimed at US readers as part of an increase in disinformation and cyber-attacks ahead of the country’s elections, Microsoft has said.  A group run by Iran’s Revolutionary Guards in June sent a spear-phishing email, or personalized hacking attempt, to a “high-ranking official of a presidential campaign” from the compromised email account of a former senior adviser, the Mic

12400254075?profile=RESIZE_400xCyber security is undergoing a massive transformation, with Artificial intelligence (AI) at the forefront of this change, posing both a threat and an opportunity.  AI can potentially empower organizations to defeat cyberattacks at machine speed and drive innovation and efficiency in threat detection, hunting, and incident response.  Adversaries can use AI as part of their exploits.  It is never been more critical for us to design, deploy, and use AI securely.

See:  https://redskyalliance.org/xin

12399706096?profile=RESIZE_400xThe top US intelligence agency has revamped its election security team ahead of the 2024 presidential election, a contest multiple national security leaders have warned could be targeted by foreign adversaries using fast-moving attacks.  Jessica Brandt, who previously held a variety of prominent research roles at Washington think tanks, was appointed the first full-fledged director of the Foreign Malign Influence Center in late 2023.

The hub, part of the Office of the Director of National Intell

12389945471?profile=RESIZE_400xCybersecurity experts are warning that hospitals around the country are at risk for attacks like the one that is crippling operations at a premier Midwestern children’s hospital and that the US government is doing too little to prevent such breaches.  Hospitals in recent years have shifted their use of online technology to support everything from telehealth to medical devices to patient records.  Today, they are a favorite target for internet thieves who hold systems’ data and networks hostage f

12364136897?profile=RESIZE_400xHigh-profile individuals working on Middle Eastern affairs at universities and research organizations in Belgium, France, Gaza, Israel, the UK, and the US have been targeted by an Iranian cyber espionage group called Mint Sandstorm since November 2023.  The threat actor "used bespoke phishing lures in an attempt to socially engineer targets into downloading malicious files," the Microsoft Threat Intelligence team reported in a recent analysis, describing it as a "technically and operationally ma

12330371483?profile=RESIZE_400xAn Israeli-linked hacker group claims to have carried out a major cyber-attack on Iranian petrol stations, knocking 70% of them offline on 18 December.  Predatory Sparrow, or “Gonjeshke Darande” in Persian, said it launched the “controlled” attack in response to “aggression” by the Islamic Republic and its proxies in the region.  “This cyber attack was carried out in a controlled manner to avoid potential damage to emergency services,” the group said.

Addressing Iran’s Ayatollah Ali Khamenei, th

12304767697?profile=RESIZE_400xA water authority in Pennsylvania reportedly suffered a cyberattack, prompting officials to reassure people in the area that drinking water has not been affected by the incident.

The Municipal Water Authority of Aliquippa, which serves thousands of customers in communities northwest of Pittsburgh, did not respond to requests for comment but told local news outlet that computer screens at a facility were plastered with a message from hacking group Cyber Av3ngers. The facility, which contains a co

12264332264?profile=RESIZE_400xUsing a trending item as a malicious lure is relatively common; to do it in a period of military conflict and deliberately target users in the affected region is a different step.  Recently, a genuine app: RedAlert - Rocket Alerts, has been popular among users in the Israel and Gaza region, since it allows individuals to receive timely and precise alerts about incoming airstrikes.  However, a malicious, spoofed version of the app was detected last week, which collected personal information inclu

11029695866?profile=RESIZE_400xThe Iranian nation-state group known as MuddyWater has been observed directing destructive attacks on hybrid environments under the guise of a ransomware operation.  The name is not to be confused with McKinley Morganfield (April 4, 1913 – April 30, 1983), known professionally as Muddy Waters, was an American blues singer and musician.  Iran could be singing the blues if they keep this up.

According to new findings from the Microsoft Threat Intelligence team, which discovered the threat actor ta

10978300654?profile=RESIZE_400xThe current Ukraine crisis has revealed the willingness of state and non-state actors to involve themselves in conducting attacks of various degrees of severity and frequency.  Notably, hacktivists and cybercriminal groups have joined the conflict extending beyond the borders of the two primary combatants, with cyberattacks targeting those governments and private sector organizations perceived to be supporting the other side.  Patriotic hacktivism is not necessarily new, especially in troubled a

10893599672?profile=RESIZE_400xWith women’s rights at issue, hackers have disrupted the works of Iran’s Fars news agency, one of the main sources of news disseminated by the state during protests over Mahsa Amini's death, the agency reported.  Iran has been shaken by numerous in country and international protests since Amini’s death while in custody on 16 September after her arrest for an alleged breach of the country's dress code for women.  Iran’s first protests focused on the state-mandated hijab, or headscarf, for women,

10861060279?profile=RESIZE_400xThe FBI released an alert last week warning of hack-and-leak operations targeting organizations in the US and Israel by a group based in Iran.  The alert centers on Emennet Pasargad, an Iranian company US law enforcement agencies have previously spotlighted for its role in efforts to interfere with the 2020 US presidential election.  Last week, the FBI said the company, which has changed its name several times to avoid sanctions, has targeted entities in Israel since 2020 with attacks that invol

10229169082?profile=RESIZE_400xIran’s Revolutionary Guard has added “smart submarines,” unmanned underwater vehicles, to its navy for the first time, a report presented on Iranian state TV.  Its Guard’s Navy unveiled the vessels, along with new missiles and speedboats, at a ceremony in Iran’s southern port city of Bandar Abbas.[1]

Its new speedboats can travel at up to 95 knots (about 109 mph) and are able to launch missiles and rockets.  The report also said the Guard’s navy was equipped with new maneuverable missiles with a

10065799678?profile=RESIZE_400xPrevious attacks from the Iranian Phosphorus APT (aka Charming Kitten, APT35) are well documented. Recently a new set of tools incorporated into the group's arsenal, and a connection with the Memento ransomware, have been discovered. Researchers from have detected a new and undocumented PowerShell backdoor that supports downloading malware such as a keylogger and an infostealer. The code runs in the context of a .NET app without launching powershell.exe and thus avoiding detection.

See Previous