Where Is Iran's Cyber Response To Its General's Assassination?

Iranian cyberespionage operations are continuing at a steady pace, but so far no significant reaction has been seen in response to the January US drone strike that killed Iranian Gen. Qasem Soleimani. Almost two months have passed since the assassination of Soleimani, and Secureworks is reporting the continuation of previously implemented espionage operations from Iran.

The researchers believe that Iranian threat groups are currently focusing on their long-running cyber espionage activities in an effort to gather valuable intelligence from specific countries. These campaigns primarily target governmental organisations in Turkey, Jordan and Iraq, along with intergovernmental and other agencies in Georgia and Azerbaijan.

The experts at Secureworks' Counter Threat Unit say the Iranians are just keeping going with their existing campaigns of spying and hoovering up login credentials through spearphishing attacks. "In some cases, emails were sent with a malicious attachment to gain access, some email messages also contained a link to a compromised website, and there are confirmed cases where malicious documents were sent via a ZIP archive.... From a threat management and risk assessment perspective, we advise organisations not to conflate ongoing espionage operations with a retaliatory response. However, continually leveraging threat intelligence to assess and improve controls will help network defenders secure their environments against malicious activity regardless of intent."

Iran did quickly resort to a military response, launching a missile attack that struck several US bases in Iraq in retaliation for Soleimani’s killing, followed by the mistaken killing of the passengers on an innocent commercial airline flight.

In the operations currently underway, attackers are using multiple rounds of spearphishing attacks to gain entry to the targeted systems. In some cases, the emails contained links to malicious websites that allow the hacking groups to track their targets.

In other attacks the email had a malicious spreadsheet attached, socially engineered to match the subject line of the email to encourage the recipient to open it. Opening the attachment and enabling its content launches the embedded malicious VBScript, which disables the machine’s security controls. Several payloads are then downloaded from an IP address hard-coded in the script.

Another attack observed by Secureworks again used spearphishing, but this time the malicious code was hidden inside an attached ZIP file containing a malicious Excel file that required the victim to enable a macro. In this case a new, previously unobserved RAT, which Secureworks researchers refer to as ForeLord, is dropped and executed.
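The two delivery chains above (spreadsheet with an embedded macro, and a ZIP archive wrapping a macro-enabled Excel file) share one structural tell that a mail gateway can check before a user ever sees the attachment: an OOXML document is itself a ZIP, and a document that carries VBA contains a `vbaProject.bin` part. The triage helper below is an added example written for this page, not Secureworks' tooling; it uses only the Python standard library, and the workbook and archive it inspects are constructed inline with a placeholder VBA stream.

```python
import io
import zipfile

# OOXML parts whose presence means the document carries VBA code.
MACRO_PARTS = ("xl/vbaProject.bin", "word/vbaProject.bin", "ppt/vbaProject.bin")
MACRO_EXTS = (".xlsm", ".docm", ".pptm", ".xlam", ".dotm")


def triage_attachment(name, data, depth=0, max_depth=3):
    """Walk nested ZIP containers; return (path, reason) findings."""
    findings = []
    if depth > max_depth or data[:2] != b"PK":
        return findings  # not a zip container; plain files are out of scope here
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [(name, "zip signature but archive does not parse")]
    with zf:
        names = zf.namelist()
        # An OOXML document is itself a zip; a vbaProject.bin part means it has macros.
        if "[Content_Types].xml" in names:
            macro_parts = [n for n in names if n in MACRO_PARTS]
            if macro_parts:
                findings.append((name, "office document with VBA project: " + macro_parts[0]))
                if not name.lower().endswith(MACRO_EXTS):
                    findings.append((name, "macro project behind a non-macro extension"))
            return findings
        # Plain archive: recurse into each member, since Office files are zips too.
        for member in names:
            if not member.endswith("/"):
                inner = zf.read(member)
                findings.extend(triage_attachment(f"{name}!{member}", inner, depth + 1, max_depth))
    return findings


def build_zip(parts):
    """Build an in-memory zip from {member_name: bytes}; used to construct samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member, content in parts.items():
            zf.writestr(member, content)
    return buf.getvalue()


# Constructed sample mirroring the chain in the article: ZIP -> workbook -> macro.
# The VBA stream is a placeholder string, not real macro code.
SAMPLE_WORKBOOK = build_zip({"[Content_Types].xml": b"<Types/>", "xl/workbook.xml": b"<workbook/>",
                             "xl/vbaProject.bin": b"placeholder VBA project stream (constructed)"})
SAMPLE_ZIP = build_zip({"invoice.xlsm": SAMPLE_WORKBOOK})
```

Calling `triage_attachment("attachment.zip", SAMPLE_ZIP)` reports the workbook inside the archive as macro-bearing; inspecting what the macro actually does still needs a VBA decompressor such as olevba, since the stream is stored in compressed form.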

Sources: Secureworks, Computing, SC Magazine, The Register. Image: Ali Khameini
