Iranian Hackers Target Israeli Citizens

Amid increasing tensions between Israel and Iran, a leading religious figure in Israel was recently targeted by a known Iranian hacker, notorious for elaborate spear-phishing campaigns. These Iranian hackers have been ramping up phishing attacks against high-profile individuals in Israel.

Researchers from Proofpoint have identified this latest campaign, conducted by a group tracked under various aliases, including TA453, APT42, Charming Kitten, Yellow Garuda, and ITG18, which is targeting organisations and individuals in Israel and across the Middle East.

According to Proofpoint, starting in July this year, TA453 contacted multiple email addresses for a prominent Jewish figure while pretending to be the Research Director for the Institute for the Study of War (ISW). The lure purported to invite the target to be a guest on a podcast hosted by ISW. Once the target responded, TA453 sent a password-protected URL on DocSend, a service for secure document sharing. This link led to a text file containing a URL to the genuine podcast of ISW, the organisation the attackers were impersonating.

This tactic was designed to normalise the process of clicking on links and entering passwords, preparing the target for the actual malware delivery.

In subsequent interactions, the hackers sent a Google Drive URL containing a ZIP file named “Podcast Plan-2024.zip.” This ZIP file contained an LNK file labelled “Podcast Plan 2024.lnk,” which was concealed behind a decoy PDF. The LNK file was used to deploy the BlackSmith toolset, which loaded the AnvilEcho PowerShell Trojan.
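The delivery step above relies on a Windows shortcut arriving inside a ZIP archive, which a mail or download gateway can check for. The following is an added example, not code from Proofpoint or the original article: it flags LNK members by their Shell Link header as well as by extension, and looks inside nested ZIPs. The function names and the sample members `extras.zip`, `agenda.pdf` and `readme.txt` are constructed for illustration.

```python
import io
import struct
import zipfile

# Shell Link header (MS-SHLLINK): HeaderSize 0x4C, then LinkCLSID
# 00021401-0000-0000-C000-000000000046 in its on-disk byte order.
LNK_MAGIC = struct.pack("<I", 0x4C) + bytes.fromhex("0114020000000000c000000000000046")
MAX_NESTED = 20 * 1024 * 1024  # do not unpack nested archives larger than this

def find_shortcuts(zip_bytes, prefix="", depth=0):
    """Return sorted (member path, reason) pairs for LNK files inside a ZIP."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            by_name = info.filename.lower().endswith(".lnk")
            if info.flag_bits & 0x1:  # encrypted member: content unreadable
                if by_name:
                    findings.append((path, "lnk extension (encrypted)"))
                continue
            with zf.open(info) as fh:
                head = fh.read(len(LNK_MAGIC))
            if head == LNK_MAGIC:
                reason = "lnk header" if by_name else "lnk header under another extension"
                findings.append((path, reason))
            elif by_name:
                findings.append((path, "lnk extension, unexpected header"))
            elif head[:4] == b"PK\x03\x04" and depth < 2 and info.file_size <= MAX_NESTED:
                findings += find_shortcuts(zf.read(info), path + "!", depth + 1)
    return sorted(findings)

def build_sample():
    """Constructed sample archive; member contents are placeholders, not malware."""
    fake_lnk = LNK_MAGIC + b"\x00" * 56  # 76-byte header with all fields zeroed
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("agenda.pdf", fake_lnk)  # shortcut renamed to look like a PDF
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("Podcast Plan 2024.lnk", fake_lnk)
        zf.writestr("readme.txt", b"constructed text member")
        zf.writestr("extras.zip", inner.getvalue())
    return outer.getvalue()

if __name__ == "__main__":
    for path, reason in find_shortcuts(build_sample()):
        print(f"{path}: {reason}")
```

Checking the header rather than only the file name matters because Windows hides the `.lnk` extension in Explorer, so the displayed name is not a reliable signal to the recipient.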

Proofpoint researchers observed that TA453 attempts to evade detection by complicating the infection chain and combining multiple malicious functions into a single PowerShell script. 

The malware is tailored for intelligence collection and data exfiltration, often utilising legitimate services like Dropbox for these activities. It is important to be aware of the sophisticated ways Iranian hackers target Israelis and to take precautions.

Proofpoint | I-HLS | The Record | The Record | Economist | Hacker News
