Iranian Hackers Attack Corporate IT Networks

Iranian groups are busy hacking companies around the world. Now, by exploiting newly disclosed bugs in VPNs, they’ve been inserting sophisticated, hard-to-find backdoors. Security researchers have been warning since last August that attackers have been hacking unpatched VPN servers to gain remote access to corporate networks.

The experts at ClearSky say that at least three advanced persistent threat groups, all with apparent ties to the Iranian government, have been hitting unpatched Fortinet, Pulse Secure and Palo Alto Networks VPN servers and Citrix remote gateways.

Computer experts working on behalf of the Islamic Republic have successfully hacked into hundreds of Israeli computers in a massive cyber-attack which was carried out last year. Citing an internal report commissioned by cyber security company ClearSky, Israeli daily Yedioth Ahronoth revealed recently that Iran successfully conducted a wide-scale data mining operation that collected intelligence information from numerous governments, including Israel.
 
The data breach also compromised "numerous companies and organizations from the IT, Telecommunication, Oil and Gas, Aviation, Government, and Security sectors around the world."

The CEO of ClearSky, Boaz Dolev, told reporters that despite the cyber-attack, it was unlikely Tehran was able to acquire any information concerning advanced nuclear technology. "They can't even get close to such information," he said.

The ongoing campaign, which ClearSky researchers call "Fox Kitten," has been targeting numerous sectors, including IT, telecommunications, oil and gas, aviation and security, as well as several government agencies. Researchers say they have seen attackers hitting targets in the US, Israel, Australia, Saudi Arabia, Lebanon, Kuwait, United Arab Emirates and several European countries.

According to ClearSky, the cyber-attack was aimed at accomplishing four goals:

  • Develop and maintain access routes to the targeted organisations.
  • Steal valuable information from the targeted organisations.
  • Maintain a long-lasting foothold at the targeted organisations. 
  • Breach additional companies through supply-chain attacks.

"We estimate the campaign revealed in this report to be among Iran’s most continuous and comprehensive campaigns revealed until now," ClearSky say in the report.

Sources: ClearSky, i24News, Security Boulevard, BankInfoSecurity
