Iranian Hackers Target Israeli Citizens

Uploaded on 2024-08-29 in NEWS-Cybersecurity News, INTELLIGENCE-Hot Spots-Iran, FREE TO VIEW

Amid increasing tensions between Israel and Iran, a leading religious figure in Israel was recently targeted by a known Iranian hacker, notorious for elaborate spear-phishing campaigns. These Iranian  hackers have been ramping  up phishing attacks against high-profile individuals in Israel.

Researchers from Proofpoint have identified this latest campaign, conducted by the group under various aliases including TA453, APT42, Charming Kitten, Yellow Garuda, and ITG18, which is targeting organisations and individuals in Israel and across the Middle East.

According to Proofpoint, once the target responded, TA453 sent a DocSend URL, a service for secure document sharing, that was password protected. Starting in July this year, TA453 contacted multiple email addresses for a prominent Jewish figure while pretending to be the Research Director for the Institute for the Study of War (ISW). The lure purported to invite the target to be a guest on a podcast hosted by ISW. This link led to a text file containing a URL to the genuine ISW podcast, which the attackers were pretending to be.

This tactic was designed to normalise the process of clicking on links and entering passwords, preparing the target for the actual malware delivery.

In subsequent interactions, the hackers sent a Google Drive URL containing a ZIP file named “Podcast Plan-2024.zip.” This ZIP file contained an LNK file labelled “Podcast Plan 2024.lnk,” which was concealed behind a decoy PDF. The LNK file was used to deploy the BlackSmith toolset, that loaded the AnvilEcho PowerShell Trojan.

Proofpoint researchers observed that TA453 attempts to evade detection by complicating the infection chain and combining multiple malicious functions into a single PowerShell script. 

The malware is tailored for intelligence collection and data exfiltration, often utilising legitimate services like Dropbox for these activities. It is important to be aware of the sophisticated ways Iranian hackers target Israelis and employ precautions.

Proofpoint   |    I-HLS   |  The Record   |   The Record   |   Economist   |    Hacker News 

Image: Ideogram

You Might Also Read: 

APT42: Iranian Hackers At Work:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible



 

« Mobile & On-Line Banking Cyber Security
Mobile & On-Line Banking Cyber Security [extract] »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Evidian

Evidian

Evidian, a Bull Group company, is the European leader and one of the major worldwide vendors of identity and access management software.

Cofense

Cofense

Cofense (formerly PhishMe) is a leading provider of human-driven phishing defense solutions.

Labris Networks

Labris Networks

Labris Networks specializes in DDoS mitigation, NG Firewall, Unified Threat Management, Centralized Management, Regulatory Compliances and SOC/CERT Services.

SecureBrain

SecureBrain

SecureBrain software and services help protect against Japanese-specific cybercrime and global internet security threats such as online fraud, phishing, drive-by downloads and malware attacks.

Araxxe

Araxxe

Araxxe delivers Revenue Assurance, End-to-End Billing Verification and Interconnect Fraud Detection solutions to communication companies worldwide.

AttackIQ

AttackIQ

AttackIQ delivers continuous validation of your enterprise security program so you can strengthen your security posture and your response capabilities.

swIDCH

swIDCH

swIDch is a technology company that aims to eliminate CNP (card not present) Fraud.

Silicon Cloud International

Silicon Cloud International

Silicon Cloud is a high performance and secure cloud computing platform for engineering and scientific applications.

Debevoise & Plimpton

Debevoise & Plimpton

Debevoise & Plimpton LLP is a premier law firm with market-leading practices in areas including Data Strategy & Security.

Digital Silence

Digital Silence

Digital Silence is a world-class provider of information security research and consulting services.

watchTowr

watchTowr

Continuous Attack Surface Testing, with the watchTowr Platform. The future of Attack Surface Management.

Obrela Security Industries

Obrela Security Industries

Obrela provides security analytics and risk management services to identify, analyze, predict and prevent highly sophisticated security threats in real time.

Nortal

Nortal

Nortal is a strategic digital transformation partner for leading companies and governments around the world.

Cyderes

Cyderes

Cyderes (Cyber Defense and Response) is a global, pure-play, full life-cycle cyber security services provider formed from the merger of Herjavec Group and Fishtech Group in 2022.

Fairly AI

Fairly AI

Fairly AI is on a mission to democratize safe, secure, and compliant AI across the enterprise.

AI EdgeLabs

AI EdgeLabs

AI EdgeLabs is a powerful and autonomous cybersecurity AI platform that helps security teams respond immediately to ongoing attacks and protect Edge/IoT infrastructures.