Iranian State-Sponsored Hackers Attacking Israel

Uploaded on 2024-09-02 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, INTELLIGENCE-Hot Spots-Iran, GOVERNMENT-Defence, FREE TO VIEW

A new campaign by the suspected Iranian state hacking group MuddyWater is targeting organisations in Israel and across the Middle East with a previously unseen custom backdoor, according to new research. The new malware variant was  recently analysed by researchers at Check Point, who dubbed it BugSleep, as well as researchers at Sekoia, who called it MuddyRot.

Now, the US  Cybersecurity and Infrastructure Security Agency (CISA) has issued a new Cyber Security Advisory on August 28th 2024, regarding Iranian state-sponsored hackers.

According to the  Israel National Cyber Directorate (INCD), hackers working for the  Hamas terrorist group hacked into video streams from private security cameras in Israeli homes to gather intelligence before Hamas  descended on Israeli settlements to carry out murderous attacks on 7 October 2023.

  • According to the NCD, these hackers comprise various groups involved in trading access to organisations for financial gain, including organisations in education, finance, healthcare, and defence in Israel, the US, Azerbaijan, and the UAE.
  • According to CISA “The FBI further assesses these Iran-based cyber actors are associated with the Government of Iran (GOI) and, separate from the ransomware activity, conduct computer network exploitation activity in support of the GOI (such as intrusions enabling the theft of sensitive technical data against organisations in Israel and Azerbaijan),” says the

Operating under various aliases such as Pioneer Kitten, Fox Kitten, UNC757, Parisite, RUBIDIUM, or Lemon Sandstorm, these Iranian cyber actors are also known as Br0k3r or “xplfinder” in their communication channels. 

While their primary role is to conduct state-sponsored computer network exploitation operations against Iran’s enemies, such as Israel, their activities extend to selling unauthorised access to companies globally for financial gain.The CISA  Advisory reveals that these Iranian actors are collaborating with specialist ransomware groups to facilitate encryption attacks in exchange for a share of the ransom payments.  These ransomware groups are named as  NoEscape, Ransomhouse, and ALPHV.

The hackers actively assist ransomware affiliates by teaching introducing them to them innovative exploits to lock  computer networks and extortion methods. According to CISA,  these groups conceal their Iranian location and nationality when interacting with their ransomware partners. 

These tactics were first deployed a significant cyber campaign against Israeli companies in 2020 aimed at disrupting  Israeli infrastructure, involved running a leak site on the Dark Web and publicising stolen data to undermine security, which is a well-recognised ransom method.

The same Iranian threat group are now targeting a wide range of Israeli targets , including schools, municipal governments, financial institutions, healthcare and individual citizens
 

CISA   |   I-HLS   |    Check Point   |    Computer Weekly   |    Times of Israel   |   Techtarget   |   The Record   |

Sekoia.io    

Image: Ideogram

You Might Also Read: 

Israel-Hamas Conflict: The Escalation Of Cyberwarfare:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« The Rise Of SD-WAN And Its Implications For Security & Performance
AI & Biometrics In Cybersecurity »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Synovum

Synovum

Synovum was formed with the intention to provide high quality advice, consultancy, training and project management services to clients in all sectors of industry.

Digital Infrastructure Association (DINL)

Digital Infrastructure Association (DINL)

DINL is the leading representative for companies and organisations which are active within the Dutch digital infrastructure sector.

CyberPrism

CyberPrism

CyberPrism provides SaaS solutions using proprietary technology, underpinned by industry-leading technical practitioners to protect OT within Government, Maritime and Industrial markets.

_cyel

_cyel

_cyel is introducing a new cybersecurity strategy: not a new generation of patches and firewalls, but moving target security – we take away the targets. Without replacing your existing system.

DeuZert

DeuZert

DeuZert is an accredited German certification body in accordance with ISO/IEC 27001 (Information Security Management).

Upfort

Upfort

Upfort (formerly Paladin Cyber) unifies award-winning security and robust cyber insurance to deliver comprehensive cyber risk solutions.

United Network Technologies

United Network Technologies

United Network Technologies is a leading Managed Services Provider, distributor and developer of specialised cyber security components and technologies.

Astrix Security

Astrix Security

Astrix enables security teams to instantly see through the fog of connects and detect redundant, misconfigured and malicious third-party exposure to their critical systems.

Ostrich Cyber-Risk

Ostrich Cyber-Risk

Ostrich Cyber-Risk is a risk management company that helps organizations reduce the complexity of identifying financial and operational risks related to your cybersecurity posture.

Quod Orbis

Quod Orbis

Quod Orbis are a fast-growing, innovative company providing market-leading expertise in cyber security and Continuous Controls Monitoring (CCM).

Silent Push

Silent Push

Silent Push maps all internet-facing infrastructure with searchable, advanced attributes, generating early indicators of potential threats that are tailored to your environment.

BugProve

BugProve

BugProve offers a firmware analysis tool that speeds up security testing processes and supports compliance needs by automating repetitive tasks and detecting 0-day vulnerabilities.

ProjectDiscovery

ProjectDiscovery

ProjectDiscovery is an open-source, cybersecurity company that builds a range of software for security engineers and developers.

Washington Technology Solutions (WaTech)

Washington Technology Solutions (WaTech)

WaTech operates the state’s core technology infrastructure – the central network and data center, provides strategic direction for cybersecurity and protects state networks from growing cyber threats.

NewsGuard Technologies

NewsGuard Technologies

NewsGuard provides transparent tools to counter misinformation for readers, brands, and democracies.

TraitWare

TraitWare

The TraitWare mission is to increase user and company security while simplifying access to digital and physical resources through the elimination of the need for usernames and passwords.