Iranian Hackers Targeted Israel

Iranian state-sponsored threat hackers are deploying an updated backdoor apparently targeting Israeli academic researchers with an interest in Iraq.

An Iranian nation-state threat actor,  often called Educated Manticore has been linked to a new wave of phishing attacks that are using  using this new version of malware. targeting Israel that's designed to deploy an updated version of a Windows backdoor called PowerLess.

Other researchers have connected PowerLess to an Iranian actor known as Phosphorus, also tracked as Charming Kitten and APT35. The group has a past history of targeting academics who specialise in the fundamentalist Shiite theocracy.

Like many other actors, Educated Manticore has adopted recent trends and started using ISO images and possibly other archive files to initiate infection chains. In the report we reveal Iraq-themed lures, most likely used to target entities in Israel.

The new form of attack was first noticed in January when two people with Israeli IP addresses submitted the malicious file to VirusTotal, a database that tracks computer viruses.

The file is an ISO file called "Iraq development resources" containing a large number of files, including PDFs in Arabic, English and Hebrew containing academic content about Iraq.

The ISO file contains three folders, one with a Jpeg named "zoom.jpg," another containing the PDFs and other related files and another containing the same files encrypted.

Another file named "Iraq development resources" has a symbol indicating it is a folder, but is actually an executable file (.exe) that launches the actual malware when clicked.

After the .exe file is clicked, it decrypts and executes a downloader from the zoom.jpg file. The .exe file is filled with junk code in order to trick users and anti-virus software. The downloader is also filled with junk code and downloads malware called "PowerLess" which serves as a backdoor for hackers to access the affected computer.

The PowerLess backdoor, previously found by Cyberreason in February 2022, comes with capabilities to steal data from web browsers and apps like Telegram, take screenshots, record audio, and log keystrokes.

The development is an indication that the adversary is continuously refining and retooling its malware arsenal to expand their functionality and resist analysis efforts, while also adopting enhanced methods to evade detection.

JPost:   Hacker News:   Infosecurity Magazine:   Checkpoint Software:   BankInfoSecurity

Times of Israel:  CSO Online

You Might Also Read: 

Attack On Israel’s Water Systems:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Facebook Delivers Fake Reviews
‘Tyrannical IT’ Is A Critical Threat »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Chatham House Cyber Conference

Chatham House Cyber Conference

14 June 2023 - Connect with cyber security experts and senior policymakers to explore the role of cyber security in the global economy and how to deliver an open and secure internet.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Systancia

Systancia

Systancia offer solutions for the virtualization of applications and VDI, external access security, Privileged Access Management (PAM), Single Sign-On (SSO) and Identity and Access Management (IAM).

Secure Technology Alliance

Secure Technology Alliance

Secure Technology Alliance is a multi-industry association working to stimulate the adoption and widespread application of secure solutions.

Flexera

Flexera

Flexera is reimagining the way software is bought, sold, managed and secured.

Sothis

Sothis

Sothis is an information technology services company offering a range of solutions including cybersecurity, managed security services, information governance and compliance.

CRI4DATA

CRI4DATA

CRI4DATA's mission is to help organizations build their resilience to cyber risk.

National Accreditation Authority Hungary (NAH)

National Accreditation Authority Hungary (NAH)

NAH is the national accreditation body for Hungary. The directory of members provides details of organisations offering certification services for ISO 27001.

Altipeak Security

Altipeak Security

Altipeak Security provide Safewalk - a flexible and robust authentication platform through which we offer improved security to SMBs, corporates, banks, insurance companies, healthcare and more.

Encore Media Group

Encore Media Group

Encore Media Group provide an international enterprise technology event series exploring IoT, Blockchain AI, Big Data, 5G, Cyber Security and Cloud.

Sixgill

Sixgill

Sixgill, an IoT sensor platform company, builds the universal data service and smart process automation software allowing any organization to effectively govern its IoE assets.

CloudSphere

CloudSphere

CloudSphere’s flagship Cloud Governance Platform enables enterprises and cloud service providers to simplify and optimize cloud migration, management, and governance.

TAG Cyber

TAG Cyber

TAG Cyber's mission is to provide world-class cyber security research, advisory, and consulting services to enterprise security teams around the world.

Worldr

Worldr

Worldr solves security and data protection in team communication, without compromising usability, allowing professionals to communicate and collaborate securely and seamlessly.

MTI

MTI

MTI is a solutions and service provider, specialising in data & cyber security, datacentre modernisation, modern workplace, IT managed services and IT transformation services.

DataSolutions

DataSolutions

DataSolutions is a leading value-added distributor of transformational IT solutions in the UK and Ireland.

Morpheus Enterprises

Morpheus Enterprises

Morpheus Enterprises offer managed security solutions designed to keep your web applications secure and your business running smoothly.

Strategic Technology Solutions (STS)

Strategic Technology Solutions (STS)

Strategic Technology Solutions specialize in providing Cybersecurity and Managed IT Services to the legal industry.