Iranian State-Sponsored Hackers Attacking Israel

Uploaded on 2024-09-02 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, INTELLIGENCE-Hot Spots-Iran, GOVERNMENT-Defence, FREE TO VIEW

A new campaign by the suspected Iranian state hacking group MuddyWater is targeting organisations in Israel and across the Middle East with a previously unseen custom backdoor, according to new research. The new malware variant was  recently analysed by researchers at Check Point, who dubbed it BugSleep, as well as researchers at Sekoia, who called it MuddyRot.

Now, the US  Cybersecurity and Infrastructure Security Agency (CISA) has issued a new Cyber Security Advisory on August 28th 2024, regarding Iranian state-sponsored hackers.

According to the  Israel National Cyber Directorate (INCD), hackers working for the  Hamas terrorist group hacked into video streams from private security cameras in Israeli homes to gather intelligence before Hamas  descended on Israeli settlements to carry out murderous attacks on 7 October 2023.

  • According to the NCD, these hackers comprise various groups involved in trading access to organisations for financial gain, including organisations in education, finance, healthcare, and defence in Israel, the US, Azerbaijan, and the UAE.
  • According to CISA “The FBI further assesses these Iran-based cyber actors are associated with the Government of Iran (GOI) and, separate from the ransomware activity, conduct computer network exploitation activity in support of the GOI (such as intrusions enabling the theft of sensitive technical data against organisations in Israel and Azerbaijan),” says the

Operating under various aliases such as Pioneer Kitten, Fox Kitten, UNC757, Parisite, RUBIDIUM, or Lemon Sandstorm, these Iranian cyber actors are also known as Br0k3r or “xplfinder” in their communication channels. 

While their primary role is to conduct state-sponsored computer network exploitation operations against Iran’s enemies, such as Israel, their activities extend to selling unauthorised access to companies globally for financial gain.The CISA  Advisory reveals that these Iranian actors are collaborating with specialist ransomware groups to facilitate encryption attacks in exchange for a share of the ransom payments.  These ransomware groups are named as  NoEscape, Ransomhouse, and ALPHV.

The hackers actively assist ransomware affiliates by teaching introducing them to them innovative exploits to lock  computer networks and extortion methods. According to CISA,  these groups conceal their Iranian location and nationality when interacting with their ransomware partners. 

These tactics were first deployed a significant cyber campaign against Israeli companies in 2020 aimed at disrupting  Israeli infrastructure, involved running a leak site on the Dark Web and publicising stolen data to undermine security, which is a well-recognised ransom method.

The same Iranian threat group are now targeting a wide range of Israeli targets , including schools, municipal governments, financial institutions, healthcare and individual citizens
 

CISA   |   I-HLS   |    Check Point   |    Computer Weekly   |    Times of Israel   |   Techtarget   |   The Record   |

Sekoia.io    

Image: Ideogram

You Might Also Read: 

Israel-Hamas Conflict: The Escalation Of Cyberwarfare:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« The Rise Of SD-WAN And Its Implications For Security & Performance
AI & Biometrics In Cybersecurity »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

IntSights

IntSights

IntSights is an intelligence driven security provider offering rapid, accurate cyberthreat intelligence and incident mitigation in real time

Disklabs

Disklabs

Disklabs are industry leaders in data recovery, digital forensics and data erasure.

Idaho National Laboratory (INL)

Idaho National Laboratory (INL)

INL is an applied engineering laboratory dedicated to supporting the US Dept of Energy's missions in energy research, nuclear science and national defense including critical infrastructure protection.

CryptoTec

CryptoTec

CryptoTec is a provider of security concepts and encryption solutions for secure communication between decentralized computerized systems.

Sequoia Capital

Sequoia Capital

Sequoia Capital is a venture capital firm focused mainly on technology. We partner both with young companies finding their stride and established ones looking for growth.

Defendify

Defendify

We built Defendify to help small businesses navigate the cybersecurity landscape with cybersecurity that is dead simple, affordable, and works around the clock.

AlertSec

AlertSec

AlertSec Ensure is a U.S. patented technology that allows you to educate, verify and enforce encryption compliance of third-party devices.

Crown Sterling

Crown Sterling

Crown Sterling delivers next generation software-based, AI-driven cryptography in the form of random number generators and encryption products.

Virtue Security

Virtue Security

Virtue Security are specialists in web application penetration testing.

Horizon3.ai

Horizon3.ai

Horizon3.ai is a leader in security assessment and validation enabling continuous security overwatch from an attacker’s perspective through our NodeZero SaaS solution.

Cufflink

Cufflink

Cufflink makes your business more secure, compliant and trusted. We limit the likelihood and impact of a data breach by controlling exactly what can and can't be done with personal data.

Computacenter

Computacenter

Computacenter is a leading independent technology partner, trusted by large corporate and public sector organisations. We help our customers to source, transform and manage their IT infrastructure.

Entro Security

Entro Security

Entro is the first holistic secrets security platform that detects, safeguards, and enriches with context your secrets across code, vaults, chats, and platforms.

Liberty Technology

Liberty Technology

Liberty Technology has a host of highly trained, certified experts who assist our clients with immediate remote support as well as on-site service.

Somos

Somos

From voice to messaging to fraud prevention and beyond, Somos are committed to developing innovative solutions that ensure that our ability to maintain trustworthy connections never stops.

ViroSafe

ViroSafe

ViroSafe is a leading value-added distributor of IT security solutions in Norway.