Iranian Hackers Attack Corporate IT Networks

Iranian groups are busy hacking companies around the world. Now, by exploiting newly disclosed bugs in VPNs, they have been inserting sophisticated, hard-to-find backdoors. Security researchers have been warning since last August that attackers have been hacking unpatched VPN servers to gain remote access to corporate networks.

Experts at ClearSky say that at least three advanced persistent threat groups, all with apparent ties to the Iranian government, have been hitting unpatched Fortinet, Pulse Secure and Palo Alto Networks VPN servers and Citrix remote gateways.

Computer experts working on behalf of the Islamic Republic have successfully hacked into hundreds of Israeli computers in a massive cyber-attack which was carried out last year. Citing an internal report commissioned by cyber security company ClearSky, Israeli daily Yedioth Ahronoth revealed recently that Iran successfully conducted a wide-scale data mining operation that collected intelligence information from numerous governments, including Israel.
 
The data breach also compromised "numerous companies and organizations from the IT, Telecommunication, Oil and Gas, Aviation, Government, and Security sectors around the world."

ClearSky CEO Boaz Dolev told reporters that despite the cyber-attack, it was unlikely Tehran was able to acquire any information concerning advanced nuclear technology. "They can't even get close to such information," he said.

The ongoing campaign, which ClearSky researchers call "Fox Kitten," has been targeting numerous sectors, including IT, telecommunications, oil and gas, aviation and security, as well as several government agencies. Researchers say they have seen attackers hitting targets in the US, Israel, Australia, Saudi Arabia, Lebanon, Kuwait, United Arab Emirates and several European countries.

According to ClearSky, the cyber-attack was aimed at accomplishing four goals:

  • Develop and maintain access routes to the targeted organisations.
  • Steal valuable information from the targeted organisations.
  • Maintain a long-lasting foothold at the targeted organisations. 
  • Breach additional companies through supply-chain attacks.

"We estimate the campaign revealed in this report to be among Iran’s most continuous and comprehensive campaigns revealed until now," ClearSky says in the report.

Sources: ClearSky, i24News, Security Boulevard, BankInfoSecurity
