Iranian State-Sponsored Hackers Attacking Israel
A new campaign by the suspected Iranian state hacking group MuddyWater is targeting organisations in Israel and across the Middle East with a previously unseen custom backdoor, according to new research. The new malware variant was recently analysed by researchers at Check Point, who dubbed it BugSleep, as well as researchers at Sekoia, who called it MuddyRot.
Now, the US Cybersecurity and Infrastructure Security Agency (CISA) has issued a new Cyber Security Advisory, dated August 28th 2024, regarding Iranian state-sponsored hackers.
According to the Israel National Cyber Directorate (INCD), hackers working for the Hamas terrorist group hacked into video streams from private security cameras in Israeli homes to gather intelligence before Hamas descended on Israeli settlements to carry out murderous attacks on 7 October 2023.
- According to the NCD, these hackers comprise various groups involved in trading access to organisations for financial gain, including organisations in education, finance, healthcare, and defence in Israel, the US, Azerbaijan, and the UAE.
- According to CISA, “The FBI further assesses these Iran-based cyber actors are associated with the Government of Iran (GOI) and, separate from the ransomware activity, conduct computer network exploitation activity in support of the GOI (such as intrusions enabling the theft of sensitive technical data against organisations in Israel and Azerbaijan),” says the
Operating under various aliases such as Pioneer Kitten, Fox Kitten, UNC757, Parisite, RUBIDIUM, or Lemon Sandstorm, these Iranian cyber actors are also known as Br0k3r or “xplfinder” in their communication channels.
While their primary role is to conduct state-sponsored computer network exploitation operations against Iran’s enemies, such as Israel, their activities extend to selling unauthorised access to companies globally for financial gain. The CISA Advisory reveals that these Iranian actors are collaborating with specialist ransomware groups to facilitate encryption attacks in exchange for a share of the ransom payments. These ransomware groups are named as NoEscape, Ransomhouse, and ALPHV.
The hackers actively assist ransomware affiliates by introducing them to innovative exploits for locking computer networks and to extortion methods. According to CISA, these groups conceal their Iranian location and nationality when interacting with their ransomware partners.
These tactics were first deployed in a significant cyber campaign against Israeli companies in 2020 aimed at disrupting Israeli infrastructure. That campaign involved running a leak site on the Dark Web and publicising stolen data to undermine security, a well-recognised ransom method.
The same Iranian threat group is now targeting a wide range of Israeli targets, including schools, municipal governments, financial institutions, healthcare providers and individual citizens.
CISA | I-HLS | Check Point | Computer Weekly | Times of Israel | Techtarget | The Record |