Iranian Hackers Targeted Israel

Uploaded on 2023-05-01 in TECHNOLOGY--Hackers, INTELLIGENCE-Hot Spots-Iran, FREE TO VIEW

Iranian state-sponsored threat hackers are deploying an updated backdoor apparently targeting Israeli academic researchers with an interest in Iraq.

An Iranian nation-state threat actor,  often called Educated Manticore has been linked to a new wave of phishing attacks that are using  using this new version of malware. targeting Israel that's designed to deploy an updated version of a Windows backdoor called PowerLess.

Other researchers have connected PowerLess to an Iranian actor known as Phosphorus, also tracked as Charming Kitten and APT35. The group has a past history of targeting academics who specialise in the fundamentalist Shiite theocracy.

Like many other actors, Educated Manticore has adopted recent trends and started using ISO images and possibly other archive files to initiate infection chains. In the report we reveal Iraq-themed lures, most likely used to target entities in Israel.

The new form of attack was first noticed in January when two people with Israeli IP addresses submitted the malicious file to VirusTotal, a database that tracks computer viruses.

The file is an ISO file called "Iraq development resources" containing a large number of files, including PDFs in Arabic, English and Hebrew containing academic content about Iraq.

The ISO file contains three folders, one with a Jpeg named "zoom.jpg," another containing the PDFs and other related files and another containing the same files encrypted.

Another file named "Iraq development resources" has a symbol indicating it is a folder, but is actually an executable file (.exe) that launches the actual malware when clicked.

After the .exe file is clicked, it decrypts and executes a downloader from the zoom.jpg file. The .exe file is filled with junk code in order to trick users and anti-virus software. The downloader is also filled with junk code and downloads malware called "PowerLess" which serves as a backdoor for hackers to access the affected computer.

The PowerLess backdoor, previously found by Cyberreason in February 2022, comes with capabilities to steal data from web browsers and apps like Telegram, take screenshots, record audio, and log keystrokes.

The development is an indication that the adversary is continuously refining and retooling its malware arsenal to expand their functionality and resist analysis efforts, while also adopting enhanced methods to evade detection.

JPost:   Hacker News:   Infosecurity Magazine:   Checkpoint Software:   BankInfoSecurity

Times of Israel:  CSO Online

You Might Also Read: 

Attack On Israel’s Water Systems:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Facebook Delivers Fake Reviews
‘Tyrannical IT’ Is A Critical Threat »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ClearedJobs.Net

ClearedJobs.Net

ClearedJobs.Net is a career site and job fair company for professionals seeking careers in the defense, intelligence and cyber security communities.

QuintessenceLabs

QuintessenceLabs

QuintessenceLabs offers a suite of Data Security technology, products and solutions to secure digital information in-transit, at-rest or in-use.

Deep Instinct

Deep Instinct

Deep Instinct provides comprehensive defense that is designed to protect against the most evasive unknown malware in real-time, across an organization’s endpoints, servers, and mobile devices.

Ntrepid

Ntrepid

Ntrepid products provide protection from web threats and enable organizations to safely conduct their online activities.

Datec PNG

Datec PNG

Datec is the the largest end-to-end information and communications technology solutions and services provider in Papua New Guinea.

Center for Cyber & Homeland Security (CCHS)

Center for Cyber & Homeland Security (CCHS)

The Center for Cyber and Homeland Security at Auburn University is a nonpartisan think tank that works to develop innovative strategies to address current and future threats to the United States.

Red Points

Red Points

Red Points protects your brand and content in the digital environment.

Sonrai Security

Sonrai Security

Sonrai Security delivers an enterprise security platform focused on identity and data protection inside AWS, Azure, and Google Cloud.

Securosys

Securosys

Securosys is a technology company dedicated to securing data and communications. We develop, produce, and distribute hardware, software and services that protect and verify data and their transmission

SecureChain AI

SecureChain AI

SecureChain are combining blockchain and AI technology to create a smarter blockchain platform especially in terms of security.

Forward Global

Forward Global

Forward Global designs and delivers services and technologies to manage digital, economic, and information risks.

Ivolv Cybersecurity

Ivolv Cybersecurity

Ivolv is here to assist your organization in building effective protection and resilience against cyber attacks.

TIM Enterprise

TIM Enterprise

TIM Enterprise offers innovative, sustainable and secure 360-degree digital solutions to companies and public administrations.

Kerberus Cyber Security

Kerberus Cyber Security

Kerberus Cyber Security (formerly MintDefense) is a leading innovator in Web3 user security, dedicated to safeguarding digital assets and transactions through its flagship product, Sentinel3.

WideField Security

WideField Security

WideField Security a venture backed cybersecurity startup helps enterprise protect their identity attack surface.

VirtualMetric

VirtualMetric

VirtualMetric delivers performance-driven IT monitoring and log management solutions that simplify complex environments.