Iranian State-Sponsored Hackers Attacking Israel

A new campaign by the suspected Iranian state hacking group MuddyWater is targeting organisations in Israel and across the Middle East with a previously unseen custom backdoor, according to new research. The new malware variant was recently analysed by researchers at Check Point, who dubbed it BugSleep, as well as researchers at Sekoia, who called it MuddyRot.

Now, the US Cybersecurity and Infrastructure Security Agency (CISA) has issued a new Cyber Security Advisory on August 28th 2024, regarding Iranian state-sponsored hackers.

According to the Israel National Cyber Directorate (INCD), hackers working for the Hamas terrorist group hacked into video streams from private security cameras in Israeli homes to gather intelligence before Hamas descended on Israeli settlements to carry out murderous attacks on 7 October 2023.

  • According to the INCD, these hackers comprise various groups involved in trading access to organisations for financial gain, including organisations in education, finance, healthcare, and defence in Israel, the US, Azerbaijan, and the UAE.
  • According to CISA: “The FBI further assesses these Iran-based cyber actors are associated with the Government of Iran (GOI) and, separate from the ransomware activity, conduct computer network exploitation activity in support of the GOI (such as intrusions enabling the theft of sensitive technical data against organisations in Israel and Azerbaijan).”

Operating under various aliases such as Pioneer Kitten, Fox Kitten, UNC757, Parisite, RUBIDIUM, or Lemon Sandstorm, these Iranian cyber actors are also known as Br0k3r or “xplfinder” in their communication channels.

While their primary role is to conduct state-sponsored computer network exploitation operations against Iran’s enemies, such as Israel, their activities extend to selling unauthorised access to companies globally for financial gain. The CISA Advisory reveals that these Iranian actors are collaborating with specialist ransomware groups to facilitate encryption attacks in exchange for a share of the ransom payments. The ransomware groups named are NoEscape, Ransomhouse, and ALPHV.

The hackers actively assist ransomware affiliates by introducing them to new exploits for locking computer networks and to extortion methods. According to CISA, these groups conceal their Iranian location and nationality when interacting with their ransomware partners.

These tactics were first deployed in a significant 2020 cyber campaign against Israeli companies aimed at disrupting Israeli infrastructure. That campaign involved running a leak site on the Dark Web and publicising stolen data to undermine security, a well-recognised extortion method.

The same Iranian threat group is now targeting a wide range of Israeli targets, including schools, municipal governments, financial institutions, healthcare providers and individual citizens.

CISA | I-HLS | Check Point | Computer Weekly | Times of Israel | Techtarget | The Record | Sekoia.io

Image: Ideogram
