Iranian State Sponsored Hackers On The Attack

Uploaded on 2023-10-23 in TECHNOLOGY--Hackers, INTELLIGENCE-Hot Spots-Iran, FREE TO VIEW

Hackers connected to Iran’s government have spent eight months undetected inside the systems of an unspecified Middle East government, stealing files and emails, according to Symantec. Their research has identified the source of the attack as a hacking group they call Crambus, also known as APT34.

Since it was first detected in  2015, Crambus has been an active at the direction of the Iranian government, according to US and Israeli intelligence sources. 

According to Symantec, Crambus successfully implanted malware to "monitor incoming mails sent from an Exchange Server in order to execute commands sent by the attackers in the form of emails, and surreptitiously forwarded results to the attackers." Malicious was detected on at least 12 computers, with backdoors and keyloggers installed on a dozen other machines, indicating a widespread compromise of the unnamed target.

The malware monitors incoming emails to compromised mailboxes after logging into a Microsoft Exchange Server with hard-coded credentials, enables the threat actor to run arbitrary payloads and upload and download files from and to the infected host.

While the exact mode of initial access was not disclosed, it most likely used phishing emails. "Crambus is a long-running and experienced espionage group that has extensive expertise in carrying out long campaigns aimed at targets of interest to Iran," Symantec said. "Its activities over the past two years demonstrate that it represents a continuing threat for organisations in the Middle East and further afield."

In addition the PowerExchange backdoor, Symantec discovered that the hackers used three previously undiscovered pieces of malware, described as "a number of living-off-the-land” implants. 

Symantec:   DarkReading:     The Record:    Security Week:     Forbes:    HackerNews:     

Image: FarkhodVakhob9TJK9

You Might Also Read:

Iranian Hackers Using Windows Kernel Driver:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Cyber Security In Space Communications
A Perfect Storm Of Cyber Threats »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ON-DEMAND WEBINAR: Gen AI for Security: Adoption strategies with Amazon Bedrock

ON-DEMAND WEBINAR: Gen AI for Security: Adoption strategies with Amazon Bedrock

Watch this webinar and get a comprehensive roadmap for securely adopting generative AI using Amazon Bedrock, a fully managed service that offers a choice of high-performing foundation models (FMs).

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Scale Computing

Scale Computing

Scale Computing is an industry leading application platform for EDGE computing environments covering retail, manufacturing, financial services and government.

German Cyber Security Organisation (DCSO)

German Cyber Security Organisation (DCSO)

DCSO is an IT security specialist with a focus in three areas - technology management, managed security services, security consulting and auditing.

Virgil Security

Virgil Security

Virgil Security provides easy-to-deploy and easy-to-use cryptographic software and services for use by developers and end-users.

infySEC

infySEC

InfySEC is an information security services organization offering Security Technology services, Security Consulting, Security Training, Research & Development.

African Cyber Security

African Cyber Security

African Cyber Security and it's partners, have the expertise and skills to provide holistic solutions for companies, institutions and government.

BetaDen

BetaDen

BetaDen provides a revolutionary platform for businesses to develop next-generation technology, such as the internet of things and industry 4.0.

About Cyber Security.

About Cyber Security.

About Cybersecurity provides a galaxy-wide knowledge base of cybersecurity tactics and techniques derived from actual experience.

Brighterion

Brighterion

Brighterion solutions stop payment and acquirer fraud, reduce credit risk and delinquency, fight financial crime, prevent healthcare fraud, waste and abuse, and more.

Cyber Skyline

Cyber Skyline

Cyber Skyline is a revolutionary cloud platform to practice, develop, and measure your team's technical cybersecurity skills.

Getronics

Getronics

Getronics guides customers through their own transformation journeys, leveraging an integrated and secure-by-design IT portfolio.

European Data Protection Supervisor (EDPS)

European Data Protection Supervisor (EDPS)

The EDPS is the European Union’s independent data protection authority. We monitor and ensure the protection of personal data and privacy when EU institutions and bodies process personal information.

KingsGuard Solutions

KingsGuard Solutions

KingsGuard Solutions is a San Diego Cybersecurity company that specializes in complex and innovative security solutions for companies throughout Southern California.

Hush

Hush

Hush is a premium privacy service that gives people unprecedented visibility and control of their digital footprint. Hush assesses threats, and goes to work to eliminate digital risks on your behalf.

SphereX Technologies

SphereX Technologies

SphereX is the first on-chain security solution for Web3 applications.

LOCH Technologies

LOCH Technologies

LOCH Wireless Machine Vision platform delivers next generation cybersecurity, performance monitoring, and cost management for all 5G and for broad-spectrum IoT, IoMT and OT wireless environments.

Togggle

Togggle

Togggle offers seamless identity verification solutions and distributed infrastructure, enabling organizations to combat fraud and ensure compliance with data protection regulations.