Iranian Hackers Target Israeli Citizens

Amid increasing tensions between Israel and Iran, a leading religious figure in Israel was recently targeted by a known Iranian hacker, notorious for elaborate spear-phishing campaigns. These Iranian hackers have been ramping up phishing attacks against high-profile individuals in Israel.

Researchers from Proofpoint have identified this latest campaign, conducted by a group known under various aliases including TA453, APT42, Charming Kitten, Yellow Garuda, and ITG18, which is targeting organisations and individuals in Israel and across the Middle East.

According to Proofpoint, starting in July this year, TA453 contacted multiple email addresses for a prominent Jewish figure while pretending to be the Research Director for the Institute for the Study of War (ISW). The lure purported to invite the target to be a guest on a podcast hosted by ISW. Once the target responded, TA453 sent a password-protected URL for DocSend, a service for secure document sharing. This link led to a text file containing a URL to the genuine ISW podcast, the organisation the attackers were impersonating.

This tactic was designed to normalise the process of clicking on links and entering passwords, preparing the target for the actual malware delivery.

In subsequent interactions, the hackers sent a Google Drive URL containing a ZIP file named “Podcast Plan-2024.zip.” This ZIP file contained an LNK file labelled “Podcast Plan 2024.lnk,” which was concealed behind a decoy PDF. The LNK file was used to deploy the BlackSmith toolset, which loaded the AnvilEcho PowerShell Trojan.

Proofpoint researchers observed that TA453 attempts to evade detection by complicating the infection chain and combining multiple malicious functions into a single PowerShell script. 

The malware is tailored for intelligence collection and data exfiltration, often utilising legitimate services like Dropbox for these activities. It is important to be aware of the sophisticated ways Iranian hackers target Israelis and to take precautions.

Proofpoint | I-HLS | The Record | The Record | Economist | Hacker News

Image: Ideogram
