Iranian State-Sponsored Hackers Attacking Israel

A new campaign by the suspected Iranian state hacking group MuddyWater is targeting organisations in Israel and across the Middle East with a previously unseen custom backdoor, according to new research. The new malware variant was  recently analysed by researchers at Check Point, who dubbed it BugSleep, as well as researchers at Sekoia, who called it MuddyRot.

Now, the US  Cybersecurity and Infrastructure Security Agency (CISA) has issued a new Cyber Security Advisory on August 28th 2024, regarding Iranian state-sponsored hackers.

According to the  Israel National Cyber Directorate (INCD), hackers working for the  Hamas terrorist group hacked into video streams from private security cameras in Israeli homes to gather intelligence before Hamas  descended on Israeli settlements to carry out murderous attacks on 7 October 2023.

  • According to the NCD, these hackers comprise various groups involved in trading access to organisations for financial gain, including organisations in education, finance, healthcare, and defence in Israel, the US, Azerbaijan, and the UAE.
  • According to CISA “The FBI further assesses these Iran-based cyber actors are associated with the Government of Iran (GOI) and, separate from the ransomware activity, conduct computer network exploitation activity in support of the GOI (such as intrusions enabling the theft of sensitive technical data against organisations in Israel and Azerbaijan),” says the

Operating under various aliases such as Pioneer Kitten, Fox Kitten, UNC757, Parisite, RUBIDIUM, or Lemon Sandstorm, these Iranian cyber actors are also known as Br0k3r or “xplfinder” in their communication channels. 

While their primary role is to conduct state-sponsored computer network exploitation operations against Iran’s enemies, such as Israel, their activities extend to selling unauthorised access to companies globally for financial gain.The CISA  Advisory reveals that these Iranian actors are collaborating with specialist ransomware groups to facilitate encryption attacks in exchange for a share of the ransom payments.  These ransomware groups are named as  NoEscape, Ransomhouse, and ALPHV.

The hackers actively assist ransomware affiliates by teaching introducing them to them innovative exploits to lock  computer networks and extortion methods. According to CISA,  these groups conceal their Iranian location and nationality when interacting with their ransomware partners. 

These tactics were first deployed a significant cyber campaign against Israeli companies in 2020 aimed at disrupting  Israeli infrastructure, involved running a leak site on the Dark Web and publicising stolen data to undermine security, which is a well-recognised ransom method.

The same Iranian threat group are now targeting a wide range of Israeli targets , including schools, municipal governments, financial institutions, healthcare and individual citizens
 

CISA   |   I-HLS   |    Check Point   |    Computer Weekly   |    Times of Israel   |   Techtarget   |   The Record   |

Sekoia.io    

Image: Ideogram

You Might Also Read: 

Israel-Hamas Conflict: The Escalation Of Cyberwarfare:


If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« The Rise Of SD-WAN And Its Implications For Security & Performance
AI & Biometrics In Cybersecurity »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Energy Sec

Energy Sec

EnergySec is a United States 501(c)(3) non-profit corporation formed to support energy sector organizations with the security of their critical technology infrastructures.

Securi-Tay

Securi-Tay

Securi-Tay is an information Security conference held by the Ethical Hacking Society at Abertay University, Dundee.

CyberPoint

CyberPoint

CyberPoint delivers innovative, leading-edge cyber security products, solutions, and services to customers worldwide.

Canadian Institute for Cybersecurity (CIC)

Canadian Institute for Cybersecurity (CIC)

The Canadian Institute for Cybersecurity (CIC) is a comprehensive multidisciplinary training, research and development, and entrepreneurial unit.

Wizlynx PTE LTD

Wizlynx PTE LTD

Wizlynx PTE LTD is the Singapore branch of Wizlynx Group located in Singapore, offering Information and Cyber Security Services throughout the entire Asia Pacific (APAC) region.

Portshift

Portshift

Portshift leverages the power of Kubernetes and Service-Mesh to deliver a single source of truth for containers and cloud-native applications security.

Sharktech

Sharktech

Sharktech designs, develops, and supports advanced DDoS protection and web technologies.

Secure Diversity

Secure Diversity

Secure Diversity is an innovative non-profit organization with leaders that think out of the box to create strategies & solutions to increase diversity in the cybersecurity industry.

IgmGuru

IgmGuru

Igmguru offers certification online training courses for IT professionals and students. Get certified with high-in-demand job-oriented professional courses.

AirDroid Business

AirDroid Business

AirDroid Business is an efficient mobile device management solution for Android devices, helping businesses to remotely control and access devices in large quantities using a centralized approach.

Resilience Cyber insurance

Resilience Cyber insurance

Resilience helps to improve cyber resilience by connecting cyber insurance coverage with advanced cybersecurity visibility and a shared plan to reinforce great cyber hygiene.

Threat Con

Threat Con

Threat Con is a one of its kind event in Nepal, a series of annual international security conventions similar to the famous Black Hat and DEF CON conferences.

Whitaker Brothers

Whitaker Brothers

Whitaker Brothers data destruction equipment can be found in 115 countries and every single continent in the world, from major military organizations to small offices.

ECIT

ECIT

ECIT is your preferred provider of finance and IT services. We believe in the value of combining financial and IT services to streamline and improve the operation of your business.

BTQ Technologies

BTQ Technologies

BTQ is a global quantum technology company focused on securing mission critical networks.

Revytech

Revytech

Revytech is a tech company providing services in a broad range of areas including IT operations, cyber security and network engineering.