Iranian Hackers Target Israeli Citizens

Uploaded on 2024-08-29 in NEWS-Cybersecurity News, INTELLIGENCE-Hot Spots-Iran, FREE TO VIEW

Amid increasing tensions between Israel and Iran, a leading religious figure in Israel was recently targeted by a known Iranian hacker, notorious for elaborate spear-phishing campaigns. These Iranian  hackers have been ramping  up phishing attacks against high-profile individuals in Israel.

Researchers from Proofpoint have identified this latest campaign, conducted by the group under various aliases including TA453, APT42, Charming Kitten, Yellow Garuda, and ITG18, which is targeting organisations and individuals in Israel and across the Middle East.

According to Proofpoint, once the target responded, TA453 sent a DocSend URL, a service for secure document sharing, that was password protected. Starting in July this year, TA453 contacted multiple email addresses for a prominent Jewish figure while pretending to be the Research Director for the Institute for the Study of War (ISW). The lure purported to invite the target to be a guest on a podcast hosted by ISW. This link led to a text file containing a URL to the genuine ISW podcast, which the attackers were pretending to be.

This tactic was designed to normalise the process of clicking on links and entering passwords, preparing the target for the actual malware delivery.

In subsequent interactions, the hackers sent a Google Drive URL containing a ZIP file named “Podcast Plan-2024.zip.” This ZIP file contained an LNK file labelled “Podcast Plan 2024.lnk,” which was concealed behind a decoy PDF. The LNK file was used to deploy the BlackSmith toolset, that loaded the AnvilEcho PowerShell Trojan.

Proofpoint researchers observed that TA453 attempts to evade detection by complicating the infection chain and combining multiple malicious functions into a single PowerShell script. 

The malware is tailored for intelligence collection and data exfiltration, often utilising legitimate services like Dropbox for these activities. It is important to be aware of the sophisticated ways Iranian hackers target Israelis and employ precautions.

Proofpoint   |    I-HLS   |  The Record   |   The Record   |   Economist   |    Hacker News 

Image: Ideogram

You Might Also Read: 

APT42: Iranian Hackers At Work:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible



 

« Mobile & On-Line Banking Cyber Security
Mobile & On-Line Banking Cyber Security [extract] »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Minerva Labs

Minerva Labs

Minerva’s patent pending solution keeps malware in a constant sleep state before it can infiltrate your network and cause any damage.

Team8

Team8

Team8 is Israel’s most prestigious cybersecurity think tank and venture creation foundry.

Crest International

Crest International

Crest is focused on professionalizing the technical cyber security market whilst driving quality and standards of organizations that operate within it.

Stealthbits Technologies

Stealthbits Technologies

Stealthbits Technologies is a cybersecurity software company focused on protecting an organization's sensitive data and the credentials attackers use to steal that data.

Upstream Security

Upstream Security

Upstream Security is the first cloud-based cyber-security solution that protects the technologies and applications of connected and autonomous vehicles.

Kymatio

Kymatio

Kymatio are pioneers in Artificial Intelligence applied to adaptive staff strengthening, cultural change and predictive internal risk analysis.

Research Institute in Secure Hardware and Embedded Systems (RISE)

Research Institute in Secure Hardware and Embedded Systems (RISE)

The UK Research Institute in Secure Hardware and Embedded Systems (RISE) seeks to identify and address key issues that underpin our understanding of Hardware Security.

Cyber Gate Defense (CyberGate)

Cyber Gate Defense (CyberGate)

CyberGate is an Emirati establishment founded with an objective to provide cyber security services that would improve the overarching cyber security posture of the UAE.

North East Business Resilience Centre (NEBRC)

North East Business Resilience Centre (NEBRC)

The North East Business Resilience Centre is a non-profit organisation here to support businesses in the North East of England in protecting themselves from cyber crimes and fraud.

Narf Industries

Narf Industries

Narf Industries are a small group of reverse engineers, vulnerability researchers and tool developers that specialize in tailored solutions for government and large enterprises.

Ceeyu

Ceeyu

Ceeyu is an all-in-one cybersecurity ratings and third party risk management platform.

nodeQ

nodeQ

At nodeQ, we are pioneering the future of computer networks, leveraging our deep expertise in quantum communication, artificial intelligence, and software-defined networking.

Centum Digital

Centum Digital

Centum Digital provide services, products and solutions specialized in communications engineering, control and signal intelligence.

Hubble

Hubble

Hubble grew from the idea that legacy solutions were failing to provide organizations with the asset visibility they needed to effectively secure and operate their businesses.

Cylerian

Cylerian

Cylerian is a Next Generation SaaS Security Platform - One unified cloud platform to achieve your security, compliance, and operational objectives.

Aryon Security

Aryon Security

Aryon Security is redefining cloud security with the ability to enforce cloud strategy with confidence, enabling organizations to prevent risks before they emerge.