Iranian Hackers Targeted Israel

Iranian state-sponsored threat hackers are deploying an updated backdoor apparently targeting Israeli academic researchers with an interest in Iraq.

An Iranian nation-state threat actor, often called Educated Manticore, has been linked to a new wave of phishing attacks targeting Israel that is designed to deploy an updated version of a Windows backdoor called PowerLess.

Other researchers have connected PowerLess to an Iranian actor known as Phosphorus, also tracked as Charming Kitten and APT35. The group has a history of targeting academics who specialise in the study of the fundamentalist Shiite theocracy.

Like many other actors, Educated Manticore has adopted recent trends and started using ISO images, and possibly other archive files, to initiate infection chains. The researchers' report reveals Iraq-themed lures, most likely used to target entities in Israel.

The new form of attack was first noticed in January, when two people with Israeli IP addresses submitted the malicious file to VirusTotal, a file-scanning service that aggregates results from many anti-virus engines.

The file is an ISO file called "Iraq development resources" containing a large number of files, including PDFs in Arabic, English and Hebrew containing academic content about Iraq.

The ISO file contains three folders: one with a JPEG named "zoom.jpg," a second containing the PDFs and other related files, and a third containing encrypted copies of the same files.

Another file named "Iraq development resources" carries a folder icon but is actually an executable file (.exe) that launches the malware when clicked.

After the .exe file is clicked, it decrypts and executes a downloader from the zoom.jpg file. The .exe file is filled with junk code in order to mislead users and anti-virus software. The downloader is also filled with junk code and downloads the malware called "PowerLess," which serves as a backdoor giving the attackers access to the affected computer.
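As an added triage example (not code from the original article or from any of the cited researchers), the checks below flag two traits of the lure described above: an executable sitting at the image root and named like a folder, and a JPEG that carries extra bytes after its end-of-image marker. That the downloader would be stored as data appended after the image's EOI marker is an assumption, not something the article states; the paths and contents in `SAMPLE` are constructed.

```python
import posixpath

ROOT_EXE = "executable at the root of a document-themed image"
FOLDER_LOOKALIKE = "executable named like the image or one of its folders"
NOT_JPEG = "named .jpg but does not start with a JPEG header"
APPENDED = "data appended after the JPEG end-of-image marker"

def is_pe(data: bytes) -> bool:
    # Every Windows executable starts with the DOS header magic "MZ".
    return data[:2] == b"MZ"

def jpeg_trailing_bytes(data: bytes) -> int:
    # Bytes after the last end-of-image marker (FF D9); -1 if not a JPEG at all.
    if data[:2] != b"\xff\xd8":
        return -1
    eoi = data.rfind(b"\xff\xd9")
    return -1 if eoi < 0 else len(data) - (eoi + 2)

def triage_image(image_name: str, files: dict) -> list:
    # files maps each path inside the mounted ISO to its content; names compared case-insensitively.
    folders = {posixpath.dirname(p.lower()) for p in files if "/" in p}
    findings = []  # (path, reason) pairs
    for path, data in files.items():
        stem, ext = posixpath.splitext(posixpath.basename(path).lower())
        if is_pe(data):
            if "/" not in path:
                findings.append((path, ROOT_EXE))
            if stem == image_name.lower() or stem in folders:
                findings.append((path, FOLDER_LOOKALIKE))
        elif ext in (".jpg", ".jpeg"):
            trailing = jpeg_trailing_bytes(data)
            if trailing < 0:
                findings.append((path, NOT_JPEG))
            elif trailing > 0:
                findings.append((path, APPENDED))
    return findings

# Constructed sample standing in for a mounted ISO; none of these are real samples.
SAMPLE = {
    "Iraq development resources.exe": b"MZ" + b"\x90" * 64,
    "images/zoom.jpg": b"\xff\xd8\xff\xe0JFIF\x00\xff\xd9" + b"\xab" * 40,
    "images/logo.jpg": b"\xff\xd8\xff\xe0JFIF\x00\xff\xd9",
    "papers/overview.pdf": b"%PDF-1.4\n",
}

def triage_sample() -> list:
    return triage_image("Iraq development resources", SAMPLE)
```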

The PowerLess backdoor, previously documented by Cybereason in February 2022, comes with capabilities to steal data from web browsers and apps like Telegram, take screenshots, record audio, and log keystrokes.

The development is an indication that the adversary is continuously refining and retooling its malware arsenal to expand its functionality and resist analysis efforts, while also adopting enhanced methods to evade detection.

Sources: JPost, Hacker News, Infosecurity Magazine, Check Point Software, BankInfoSecurity, Times of Israel, CSO Online
