Iranian State Sponsored Hackers On The Attack

Hackers connected to Iran’s government have spent eight months undetected inside the systems of an unspecified Middle East government, stealing files and emails, according to Symantec. Their research has identified the source of the attack as a hacking group they call Crambus, also known as APT34.

Since it was first detected in  2015, Crambus has been an active at the direction of the Iranian government, according to US and Israeli intelligence sources. 

According to Symantec, Crambus successfully implanted malware to "monitor incoming mails sent from an Exchange Server in order to execute commands sent by the attackers in the form of emails, and surreptitiously forwarded results to the attackers." Malicious was detected on at least 12 computers, with backdoors and keyloggers installed on a dozen other machines, indicating a widespread compromise of the unnamed target.

The malware monitors incoming emails to compromised mailboxes after logging into a Microsoft Exchange Server with hard-coded credentials, enables the threat actor to run arbitrary payloads and upload and download files from and to the infected host.

While the exact mode of initial access was not disclosed, it most likely used phishing emails. "Crambus is a long-running and experienced espionage group that has extensive expertise in carrying out long campaigns aimed at targets of interest to Iran," Symantec said. "Its activities over the past two years demonstrate that it represents a continuing threat for organisations in the Middle East and further afield."

In addition the PowerExchange backdoor, Symantec discovered that the hackers used three previously undiscovered pieces of malware, described as "a number of living-off-the-land” implants. 

Symantec:   DarkReading:     The Record:    Security Week:     Forbes:    HackerNews:     

Image: FarkhodVakhob9TJK9

You Might Also Read:

Iranian Hackers Using Windows Kernel Driver:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Cyber Security In Space Communications
A Perfect Storm Of Cyber Threats »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Fortinet

Fortinet

Fortinet is a provider of network security systems. Our products provide protection against dynamic security threats while simplifying the IT security infrastructure.

National Cyber Security Centre (NCSC) - United Kingdom

National Cyber Security Centre (NCSC) - United Kingdom

The NCSC acts as a bridge between industry and government, providing a unified source of advice, guidance and support on cyber security, including the management of cyber security incidents.

Actiphy

Actiphy

Actiphy provides a tried and proven backup and disaster recovery software solution to ensure business continuity at all times.

Dionach

Dionach

Dionach are a certified information security specialists who provide Penetration Testing, IT Security Auditing and Information Security Consultancy.

Sumo Logic

Sumo Logic

Sumo Logic simplifies how you collect and analyze machine data so that you can gain deep visibility across your full application and infrastructure stack.

Berwick Partners

Berwick Partners

Berwick Partners’ Cyber Security Practice is a leading recruiter of senior management positions in this field; we have an exceptional understanding of the constantly changing Cyber landscape.

Quest Software

Quest Software

Simple IT management for a complex world. Whether it’s digital transformation, cloud expansion, security threats or something new, Quest helps you solve complex problems with simple solutions.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Vigilant Software

Vigilant Software

Vigilant Software develops industry-leading tools for intelligent, simplified compliance, including ISO27001-risk management and EU GDPR.

Electric Power Research Institute (EPRI)

Electric Power Research Institute (EPRI)

The Electric Power Research Institute’s Cyber Security Research Laboratory (CSRL) addresses the security issues of critical functions of electric utilities.

FINX Capital

FINX Capital

FINX strives to solve the cybersecurity issues with its proprietary technolog, FINX SHIELD, by utilizing big data, blockchain combined with artificial intelligence.

Gridware

Gridware

Gridware is a specialised cybersecurity consultancy firm and an emerging global player in the cybersecurity intelligence and advisory field.

Novacoast

Novacoast

Novacoast helps organizations find, create & implement solutions for a powerful security posture through advisory, engineering, development & managed services.

NASK

NASK

NASK is a National Research Institute under the supervision of the Chancellery of the Prime Minister of Poland. Our key activities involve ensuring security online.

Salus Cyber

Salus Cyber

Salus is a provider of world-class cyber security services, enabling our clients to identify and manage their cyber risks proactively and effectively.

True North Solutions

True North Solutions

True North Solutions provides a wide range of fully customized, vendor-neutral industrial engineering and OT automation solutions to companies across North America and around the world.