Where Is Iran's Cyber Response To Its General's Assassination?

Iranian cyberespionage operations are continuing at a steady pace, but so far no significant reaction has been seen in response to the January US drone strike that killed Iranian Gen. Qasem Soleimani (pictured). Almost two months have passed since the assassination of Soleimani, and Secureworks reports that previously established espionage operations from Iran are simply continuing.

The researchers believe that Iranian threat groups are currently focusing on their long-running cyber espionage activities in an effort to gather intelligence from specific countries. These operations primarily target governmental organisations in Turkey, Jordan and Iraq, along with intergovernmental and other agencies in Georgia and Azerbaijan.

The experts at Secureworks' Counter Threat Unit say the Iranians are simply continuing their existing campaigns of spying and harvesting login credentials through spearphishing attacks. "In some cases, emails were sent with a malicious attachment to gain access, some email messages also contained a link to a compromised website, and there are confirmed cases where malicious documents were sent via a ZIP archive. ... From a threat management and risk assessment perspective, we advise organisations not to conflate ongoing espionage operations with a retaliatory response. However, continually leveraging threat intelligence to assess and improve controls will help network defenders secure their environments against malicious activity regardless of intent."

Iran did quickly resort to a military strike in response to Soleimani's killing, launching a missile attack that struck several US bases in Iraq, followed by the mistaken killing of the passengers on a commercial airliner.

In the operations currently underway, attackers use multiple rounds of spearphishing to gain entry to targeted systems. In some cases the emails contained links to malicious websites that allow the groups to track their targets.

In other attacks the email carried a malicious spreadsheet whose content was socially engineered to match the email's subject line and encourage the recipient to open it. Opening the attachment and enabling its content launches the embedded malicious VBScript, which disables the machine's security controls. Several payloads are then downloaded from an IP address hard-coded in the script.

In another attack observed by Secureworks, the attackers again used spearphishing, but this time the malicious code was hidden inside an attached ZIP file containing a malicious Excel document that required the victim to enable a macro. In this case a new, previously unobserved RAT, which Secureworks' researchers refer to as ForeLord, is dropped and executed.
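A defender-side triage sketch for the delivery chain described above (a ZIP-wrapped Excel document whose macro fetches payloads from a hard-coded IP), added here as an example and not code from Secureworks or the article; the indicator strings, the file name and the 192.0.2.x address are assumptions constructed for the example.

```python
import io
import re
import zipfile
from typing import Dict, List

# Indicator lists are assumptions drawn from common macro-downloader tradecraft, not from the article.
DOWNLOAD_EXEC_INDICATORS = ("URLDownloadToFile", "MSXML2.XMLHTTP", "WScript.Shell", "powershell", "Shell(")
SECURITY_TAMPER_INDICATORS = ("DisableRealtimeMonitoring", "Set-MpPreference", "netsh advfirewall")
MACRO_CAPABLE_EXTENSIONS = (".xlsm", ".xls", ".xlsb", ".docm", ".doc")
IPV4_LITERAL = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def macro_files_in_zip(zip_bytes: bytes) -> List[str]:
    """Names inside a ZIP attachment whose extension can carry VBA (the wrapping used for ForeLord)."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        return [n for n in archive.namelist() if n.lower().endswith(MACRO_CAPABLE_EXTENSIONS)]


def triage_macro_text(vba_text: str) -> Dict[str, List[str]]:
    """Group what the extracted macro source contains: hard-coded IPv4 literals,
    download/execute primitives, and attempts to disable security controls."""
    findings: Dict[str, List[str]] = {"hard_coded_ips": [], "download_exec": [], "security_tamper": []}
    for ip in IPV4_LITERAL.findall(vba_text):
        if all(int(octet) <= 255 for octet in ip.split(".")) and ip not in findings["hard_coded_ips"]:
            findings["hard_coded_ips"].append(ip)
    lowered = vba_text.lower()
    findings["download_exec"] = [s for s in DOWNLOAD_EXEC_INDICATORS if s.lower() in lowered]
    findings["security_tamper"] = [s for s in SECURITY_TAMPER_INDICATORS if s.lower() in lowered]
    return findings


def verdict(findings: Dict[str, List[str]]) -> str:
    """A hard-coded IP combined with a download primitive or control tampering matches the campaign's pattern."""
    if findings["hard_coded_ips"] and (findings["download_exec"] or findings["security_tamper"]):
        return "block-and-investigate"
    if any(findings.values()):
        return "review"
    return "clean"


# Constructed sample attachment: a ZIP holding a macro-enabled workbook (file name is made up).
_buf = io.BytesIO()
with zipfile.ZipFile(_buf, "w") as _z:
    _z.writestr("invoice_Q1.xlsm", b"stub workbook bytes")
SAMPLE_ZIP = _buf.getvalue()

# Constructed strings as a macro-extraction tool might list them; 192.0.2.0/24 is a documentation range.
SAMPLE_VBA = "WScript.Shell\nhttp://192.0.2.44/update\nURLDownloadToFile\nDisableRealtimeMonitoring"
```

Feed `triage_macro_text` the VBA source dumped by your usual macro-extraction tooling; the verdict is a triage aid, not a replacement for detonation or analyst review.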

Sources: Secureworks, Computing, SC Magazine, The Register. Image: Ali Khameini
