Iranian Hackers Attack Corporate IT Networks
Iranian groups are busy hacking companies around the world. Now, by exploiting newly disclosed bugs in VPNs, they’ve been inserting sophisticated, hard-to-find backdoors and security researchers have been warning since last August that attackers have been hacking unpatched VPN servers to gain remote access to corporate networks.
The experts at ClearSky says that at least three advanced persistent threat groups, all with apparent ties to the Iranian government, have been hitting unpatched Fortinet, Pulse Secure and Palo Alto Networks VPN servers and Citrix remote gateways.
Computer experts working on behalf of the Islamic Republic have successfully hacked into hundreds of Israeli computers in a massive cyber-attack which was carried out last year. Citing an internal report commissioned by cyber security company ClearSky, Israeli daily Yedioth Ahronoth revealed recently that Iran successfully conducted a wide-scale data mining operation that collected intelligence information from numerous governments, including Israel.
The data breach also compromised "numerous companies and organizations from the IT, Telecommunication, Oil and Gas, Aviation, Government, and Security sectors around the world."
The CEO of Clearsky Boaz Dolev told reportes that despite the cyber-attack, it was unlikely Tehran was able to acquire any information concerning advanced nuclear technology. "They can't even get close to such information," he said
The ongoing campaign, which ClearSky researchers call "Fox Kitten," has been targeting numerous sectors, including IT, telecommunications, oil and gas, aviation and security, as well as several government agencies. Researchers say they have seen attackers hitting targets in the US, Israel, Australia, Saudi Arabia, Lebanon, Kuwait, United Arab Emirates and several European countries.
According to ClearSky, the cyber-attack was aimed at accomplishing four goals:
- Develop and maintain access routes to the targeted organisations.
- Steal valuable information from the targeted organisations.
- Maintain a long-lasting foothold at the targeted organisations.
- Breach additional companies through supply-chain attacks.
"We estimate the campaign revealed in this report to be among Iran’s most continuous and comprehensive campaigns revealed until now," ClearSky say in the report.
ClearSky: i24News: Security Boulevard: BankInfoSecurity:
You Might Also Read:
Charming Kittens: Phishing Emails From Iran: