Where Is Iran's Cyber Response To Its General's Assassination?

Iranian cyberespionage operations are continuing at a steady pace, but so far no significant reaction has been seen in response to the January US drone strike that killed Iranian Gen. Qasem Soleimani (pictured). Almost two months have passed since the assassination of Soleimani, and Secureworks reports the continuation of previously implemented espionage operations from Iran.

The researchers believe that Iranian threat groups are currently focusing on their long-running cyber espionage activities in an effort to gather valuable intelligence from specific countries. These are primarily targeting governmental organisations in Turkey, Jordan and Iraq, along with intergovernmental and other agencies in Georgia and Azerbaijan.

The experts at Secureworks' Counter Threat Unit say the Iranians are just keeping going with their existing campaigns of spying and hoovering up login credentials through spearphishing attacks. "In some cases, emails were sent with a malicious attachment to gain access, some email messages also contained a link to a compromised website, and there are confirmed cases where malicious documents were sent via a ZIP archive... From a threat management and risk assessment perspective, we advise organisations not to conflate ongoing espionage operations with a retaliatory response. However, continually leveraging threat intelligence to assess and improve controls will help network defenders secure their environments against malicious activity regardless of intent."

Iran did quickly resort to a military strike, launching a missile attack that struck several US bases in Iraq in response to Soleimani's killing, followed by the mistaken killing of the passengers of an innocent commercial airliner.

With the operations currently underway, attackers are using multiple rounds of spearphishing attacks to gain entry to the targeted systems. In some cases, the emails contained links to malicious websites that allow the hacking groups to track their targets.

In other attacks the email had a malicious spreadsheet attached, socially engineered to match the subject line of the email and so encourage the recipient to open it. Opening the attachment and enabling its content launches the embedded malicious VBScript, which disables the machine's security controls. Several payloads are then downloaded from an IP address hard-coded in the script.

Another attack viewed by Secureworks again used spearphishing, but this time the malicious code was hidden inside an attached ZIP file storing a malicious Excel file that required the victim to enable a macro. In this case a new, previously unobserved RAT, which Secureworks researchers refer to as ForeLord, is dropped and executed.
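The two delivery chains described above share one observable: an Office document that carries a VBA macro project, delivered either directly or wrapped in a ZIP archive. The following Python checker is an added example, not code from the original article or from Secureworks; it relies only on the fact that modern OOXML documents (.xlsx, .xlsm, .docx, .docm) are themselves ZIP containers in which a macro project is stored as a part named vbaProject.bin. The function names, the extension lists, the size guard and the constructed sample archives are all assumptions made for the example.

```python
import io
import zipfile

# Modern OOXML documents are ZIP containers; a VBA project lives in a vbaProject.bin part.
OOXML_EXT = (".xlsx", ".xlsm", ".xltm", ".docx", ".docm")
# Legacy binary formats are OLE2 compound files and need a dedicated parser.
LEGACY_EXT = (".xls", ".doc")
MACRO_PART = "vbaproject.bin"
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
# Refuse to expand oversized archive members (simple decompression-bomb guard; assumed limit).
MAX_MEMBER_BYTES = 20 * 1024 * 1024


def ooxml_has_macro(data: bytes):
    """Return True/False for an OOXML document, or None if the bytes are not a ZIP container."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            return any(n.lower().endswith(MACRO_PART) for n in z.namelist())
    except zipfile.BadZipFile:
        return None


def classify_document(name: str, data: bytes):
    """Explain why one Office document is suspicious, or return None if nothing was found."""
    lower = name.lower()
    if lower.endswith(OOXML_EXT):
        has_macro = ooxml_has_macro(data)
        if has_macro is None:
            return f"{name}: not a valid OOXML container despite its extension"
        if has_macro:
            return f"{name}: contains a VBA project (macro)"
        return None
    if lower.endswith(LEGACY_EXT) or data.startswith(OLE2_MAGIC):
        # Macro extraction from OLE2 files is out of scope here; hand off to a dedicated tool.
        return f"{name}: legacy OLE2 Office format, needs dedicated macro inspection"
    return None


def inspect_attachment(name: str, data: bytes):
    """Return a list of findings for one email attachment, looking inside a ZIP wrapper if present."""
    findings = []
    if name.lower().endswith(".zip"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as outer:
                for info in outer.infolist():
                    if info.file_size > MAX_MEMBER_BYTES:
                        findings.append(f"{info.filename}: skipped, declared size too large")
                        continue
                    verdict = classify_document(info.filename, outer.read(info))
                    if verdict:
                        findings.append(f"zip member {verdict}")
        except zipfile.BadZipFile:
            findings.append(f"{name}: claims to be a ZIP archive but is not")
        return findings
    verdict = classify_document(name, data)
    if verdict:
        findings.append(verdict)
    return findings


def build_sample(with_macro: bool) -> bytes:
    """Constructed sample input (not a real malware sample): an outer ZIP wrapping a minimal workbook."""
    doc = io.BytesIO()
    with zipfile.ZipFile(doc, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("xl/workbook.xml", "<workbook/>")
        if with_macro:
            z.writestr("xl/vbaProject.bin", b"placeholder-vba-bytes")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("invoice.xlsm" if with_macro else "invoice.xlsx", doc.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    for label, sample in (("macro", build_sample(True)), ("no macro", build_sample(False))):
        print(label, inspect_attachment("documents.zip", sample))
```

The checker never opens the document in Office and never executes anything; it only lists ZIP members, so it is safe to run on a mail gateway or in a triage script. Legacy .xls/.doc files are only flagged, since reading VBA out of an OLE2 file needs a proper parser such as oletools' olevba.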

Sources: Secureworks, Computing, SC Magazine, The Register. Image: Ali Khamenei
