Iranian Hackers Targeted Israel

Uploaded on 2023-05-01 in TECHNOLOGY--Hackers, INTELLIGENCE-Hot Spots-Iran, FREE TO VIEW

Iranian state-sponsored threat hackers are deploying an updated backdoor apparently targeting Israeli academic researchers with an interest in Iraq.

An Iranian nation-state threat actor,  often called Educated Manticore has been linked to a new wave of phishing attacks that are using  using this new version of malware. targeting Israel that's designed to deploy an updated version of a Windows backdoor called PowerLess.

Other researchers have connected PowerLess to an Iranian actor known as Phosphorus, also tracked as Charming Kitten and APT35. The group has a past history of targeting academics who specialise in the fundamentalist Shiite theocracy.

Like many other actors, Educated Manticore has adopted recent trends and started using ISO images and possibly other archive files to initiate infection chains. In the report we reveal Iraq-themed lures, most likely used to target entities in Israel.

The new form of attack was first noticed in January when two people with Israeli IP addresses submitted the malicious file to VirusTotal, a database that tracks computer viruses.

The file is an ISO file called "Iraq development resources" containing a large number of files, including PDFs in Arabic, English and Hebrew containing academic content about Iraq.

The ISO file contains three folders, one with a Jpeg named "zoom.jpg," another containing the PDFs and other related files and another containing the same files encrypted.

Another file named "Iraq development resources" has a symbol indicating it is a folder, but is actually an executable file (.exe) that launches the actual malware when clicked.

After the .exe file is clicked, it decrypts and executes a downloader from the zoom.jpg file. The .exe file is filled with junk code in order to trick users and anti-virus software. The downloader is also filled with junk code and downloads malware called "PowerLess" which serves as a backdoor for hackers to access the affected computer.

The PowerLess backdoor, previously found by Cyberreason in February 2022, comes with capabilities to steal data from web browsers and apps like Telegram, take screenshots, record audio, and log keystrokes.

The development is an indication that the adversary is continuously refining and retooling its malware arsenal to expand their functionality and resist analysis efforts, while also adopting enhanced methods to evade detection.

JPost:   Hacker News:   Infosecurity Magazine:   Checkpoint Software:   BankInfoSecurity

Times of Israel:  CSO Online

You Might Also Read: 

Attack On Israel’s Water Systems:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Facebook Delivers Fake Reviews
‘Tyrannical IT’ Is A Critical Threat »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CyberDefenses

CyberDefenses

CyberDefenses services combine best-in-class cybersecurity oversight, managed services and training to help our clients truly address their cybersecurity challenges.

Skkynet Cloud Systems

Skkynet Cloud Systems

Skkynet is a leader in real-time data systems for the secure management and control of industrial processes (SCADA) and embedded devices (M2M).

IDnext

IDnext

IDnext is the open and independent platform to support innovative approaches in the world of the Digital identity.

NPCore

NPCore

NPCore is specialized in defense solution against unknown APT and Ransomware and provides two-level defense on network and endpoint based on behavior.

Parsons

Parsons

Parsons has developed a converged security offering that combines cybersecurity, integrated network solutions, and critical infrastructure protection.

Silverskin Information Security

Silverskin Information Security

Silverskin is a cyber attack company that specializes in having knowledge of the attacker's mindset to identify vulnerabilities and build effective and persistent defences.

Rewertz

Rewertz

Rewterz is a cyber security company based out of Dubai, serving customers in UAE, Oman, Qatar, Bahrain, Saudi Arabia, and Pakistan.

LinOTP

LinOTP

LinOTP is an enterprise level, innovative, flexible and versatile OTP-platform for strong authentication.

DestructData

DestructData

DestructData is a leading independent provider of End of Life data destruction/security solutions.

IntelligInts

IntelligInts

IntelligInts provide 24×7 threat monitoring, hunting, alerting, and mitigation in our world class Security Operations Center.

Lockheed Martin

Lockheed Martin

Lockheed Martin deliver full-spectrum cyber capabilities and cyber resilient systems to defense, intelligence community and global security customers.

Tetrate.io

Tetrate.io

Tetrate Service Bridge provides enterprises with a consistent, unified way to connect and secure services across an entire mesh-managed environment.

Guernsey

Guernsey

Guernsey provides a wide range of engineering, architecture and consulting services to multiple markets, including cybersecurity consulting and CMMC certification.

Rocky Mountain Cybersecurity

Rocky Mountain Cybersecurity

Rocky Mountain Cybersecurity's mission is to provide value by dramatically improving the cybersecurity posture of our clients and business partners.

Cloud4C

Cloud4C

Cloud4C is a leading automation-driven, application focused cloud Managed Services Provider.

inWebo

inWebo

inWebo is the specialist in multi-factor strong authentication (MFA). We guarantee the security of data and identities in a digital world with increasingly important economic and political stakes.