Previous attacks by the Iranian Phosphorus APT (aka Charming Kitten, APT35) are well documented. Recently a new set of tools incorporated into the group's arsenal, and a connection with the Memento ransomware, have been discovered. Researchers have detected a new and previously undocumented PowerShell backdoor that can download additional malware such as a keylogger and an infostealer. The code runs inside a .NET application without launching powershell.exe, which helps it evade detections keyed on that process.
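The backdoor described above hosts the PowerShell engine inside a .NET process instead of spawning powershell.exe, so process-name detections miss it. As an added example (not code from the report or from the researchers who found the backdoor), the following PowerShell hunt lists processes that have the engine assembly System.Management.Automation.dll loaded but are not one of the standard PowerShell hosts. The host allow-list and the assembly-name pattern are assumptions chosen for this example; run it with administrative rights so the module lists of other users' processes can be read.

```powershell
# Added example, not from the Red Sky Alliance report: hunt for "unmanaged PowerShell",
# i.e. processes that loaded the PowerShell engine without being powershell.exe/pwsh.exe.
# Assumptions: run elevated on the host being checked; the allow-list below names the
# only hosts expected to load the engine legitimately in this environment.
function Find-UnmanagedPowerShellHost {
    [CmdletBinding()]
    param(
        # Processes that legitimately load the engine; anything else deserves a look.
        [string[]]$KnownHosts = @('powershell', 'powershell_ise', 'pwsh')
    )

    # Matches the engine assembly and its native-image (.ni) variant.
    $enginePattern = '^System\.Management\.Automation(\.ni)?\.dll$'

    # Make property-getter failures (access denied, wrong bitness) catchable.
    $ErrorActionPreference = 'Stop'

    foreach ($proc in Get-Process) {
        if ($KnownHosts -contains $proc.ProcessName) { continue }
        try {
            $engine = $proc.Modules | Where-Object { $_.ModuleName -match $enginePattern }
            if ($engine) {
                [PSCustomObject]@{
                    Pid         = $proc.Id
                    ProcessName = $proc.ProcessName
                    Path        = $proc.Path
                    EngineDll   = ($engine | Select-Object -First 1).FileName
                }
            }
        } catch {
            # Protected processes and processes of a different bitness cannot be
            # enumerated from here; skip them rather than abort the sweep.
            continue
        }
    }
}

Find-UnmanagedPowerShellHost | Format-Table -AutoSize
```

Processes whose module list cannot be read are silently skipped, so an empty result on a non-elevated session is not a clean bill of health. A complementary control that does not depend on the host process: Script Block Logging (event ID 4104 in the Microsoft-Windows-PowerShell/Operational log) is emitted by the engine itself, so it records script blocks executed by a hosted engine as well as by powershell.exe.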
iran (35)
In 2010, Iran’s uranium enrichment centrifuges were attacked and rendered useless through a computer worm that became known as Stuxnet. It was the first case in which a hacker attack, coordinated by nations (presumably the US and Israel), hit a large military target in the “real world.” A worldwide race to create or acquire cyber weapons was then just taking shape.
Fast forward 11 years to last week: Ukraine was hit by a massive cyber-attack that targeted government websites.
Activity Summary - Week Ending on 22 December 2021:
- Red Sky Alliance identified 30,069 connections from new IPs checking in with our Sinkholes
- dauction.ru still has issues after 4 weeks!
- Analysts identified 5,039 new IP addresses participating in various Botnets
- Log4j Vulnerability
- BlackCat
- AgentTesla Additions
- Iran Hackers
- Cyber and Medical Devices
- Attacking K-12 School Apps
- Cyber Port Protection
- Finite Recruitment
Link to full report: IR-21-356-001_weekly356.pdf
Activity Summary - Week Ending on 24 November 2021:
- Red Sky Alliance identified 26,071 connections from new IPs checking in with our Sinkholes
- Analysts identified 2,849 new IP addresses participating in various Botnets
- DigitalOcean in the Cross-Hairs Again
- Magniber Ransomware
- Ransomware Still #1
- Attack Framework - Left to Right
- Core to the Edge
- Iran Cyber Bullies & Mahan Airlines
- Asia Financial Targets
- CBDC
- Environmentalists Sharing the Brave New World
Link to full report: IR-21-328-001_weekl
The US has seized the domains of 36 websites linked with Iran and Iraq for allegedly publishing disinformation and running malicious influencing campaigns targeting Americans, the Justice Department says. Thirty-three of the websites belong to the Iranian Islamic Radio and Television Union, or IRTVU, and three belong to Kata’ib Hizballah, or KH, a paramilitary group based in Iraq. KH has been designated as a foreign terrorist organization since 2009, and IRTVU was put under sanctions in Octobe
Iranian hackers have reportedly hit multiple Israeli companies with ransomware, in a new campaign of attacks. A group describing itself as 'N3tw0rm' (Networm) recently added the logo of H&M Israel to their naming and shaming website, just three days after another local firm, Veritas Logistics, was hit.
It is suspected that Iran's Islamic Revolutionary Guard Corps was behind a ransomware campaign that used a contracting company called "Emen Net Pasargard," or ENP, to target over a dozen organiza
China, Russia, North Korea, and Iran continue to pose significant cybersecurity threats to the US, because each is capable of launching disruptive attacks, according to a report published 13 April 2021 by the Office of the Director of National Intelligence.
Threats include disinformation campaigns that target elections and try to undermine democratic institutions as well as aggressive hacking campaigns, such as the SolarWinds supply chain attack, according to the report. In many cases, criminal
The new cooperation agreement between Russia and Iran on cybersecurity and information technology is likely to create new hurdles for the United States and its allies in the Middle East. In January 2021, Russian Foreign Minister Sergey Lavrov and his Iranian counterpart Javad Zarif signed a cooperation agreement on cybersecurity and information and communications technology (ICT).
The agreement includes cybersecurity cooperation, technology transfer, combined training, and coordination at multil
Our friends from the US Department of Homeland Security have provided an open source Threat Assessment for October 2020 - which is Cyber Security Awareness Month. The following is the Cyber Threat Assessment Section.
Cyber threats to the Homeland from both nation-states and non-state actors will remain acute. U.S. critical infrastructure faces advanced threats of disruptive or destructive cyber-attacks. Federal, state, local, tribal and territorial governments, as well as the private sector, w
Red Sky Alliance recently learned of the defacement of multiple American websites by a self-proclaimed Iranian hacker as apparent revenge for the fatal US drone strike on Iranian General Qasem Soleimani. Evidence indicates that these are low level attacks looking to target convenient and insecure targets. The attacker, identifying as an Iranian hacker, posted a picture of General Soleimani on all of the defaced pages along with multiple social media accounts and a Gmail account; likely
DNATools Inc. application dnaLIMS is a “state-of-the art web-based laboratory information management system used to track and manage (scientific DNA research)”. It is commonly used by researchers in labs and universities around the world. In 2017, multiple vulnerabilities were discovered in this software. After the vendor was notified, their response indicates these vulnerabilities will not be fixed. It has been confirmed that these vulnerabilities still exist in the software and attack