Iranian State-Sponsored Hackers Attacking Israel

A new campaign by the suspected Iranian state hacking group MuddyWater is targeting organisations in Israel and across the Middle East with a previously unseen custom backdoor, according to new research. The new malware variant was recently analysed by researchers at Check Point, who dubbed it BugSleep, and by researchers at Sekoia, who called it MuddyRot.

Now, the US Cybersecurity and Infrastructure Security Agency (CISA) has issued a new Cybersecurity Advisory, dated August 28th 2024, on Iranian state-sponsored hackers.

According to the Israel National Cyber Directorate (INCD), hackers working for the Hamas terrorist group broke into video streams from private security cameras in Israeli homes to gather intelligence before Hamas descended on Israeli settlements to carry out murderous attacks on 7 October 2023.

  • According to the INCD, these hackers comprise various groups involved in trading access to organisations for financial gain, including organisations in education, finance, healthcare, and defence in Israel, the US, Azerbaijan, and the UAE.
  • According to CISA, “The FBI further assesses these Iran-based cyber actors are associated with the Government of Iran (GOI) and, separate from the ransomware activity, conduct computer network exploitation activity in support of the GOI (such as intrusions enabling the theft of sensitive technical data against organisations in Israel and Azerbaijan).”

Operating under various aliases such as Pioneer Kitten, Fox Kitten, UNC757, Parisite, RUBIDIUM, or Lemon Sandstorm, these Iranian cyber actors are also known as Br0k3r or “xplfinder” in their communication channels. 

While their primary role is to conduct state-sponsored computer network exploitation operations against Iran’s enemies, such as Israel, their activities extend to selling unauthorised access to companies globally for financial gain. The CISA Advisory reveals that these Iranian actors are collaborating with specialist ransomware groups to facilitate encryption attacks in exchange for a share of the ransom payments. The ransomware groups named are NoEscape, Ransomhouse, and ALPHV.

The hackers actively assist ransomware affiliates by introducing them to new exploits for locking computer networks and to extortion methods. According to CISA, these groups conceal their Iranian location and nationality when interacting with their ransomware partners.

These tactics were first deployed in a significant 2020 cyber campaign against Israeli companies aimed at disrupting Israeli infrastructure, which involved running a leak site on the Dark Web and publicising stolen data to undermine security, a well-recognised ransom method.

The same Iranian threat group is now targeting a wide range of Israeli targets, including schools, municipal governments, financial institutions, healthcare and individual citizens.
 

CISA | I-HLS | Check Point | Computer Weekly | Times of Israel | Techtarget | The Record | Sekoia.io

Image: Ideogram
