Iranian State Sponsored Hackers On The Attack

Uploaded on 2023-10-23 in TECHNOLOGY--Hackers, INTELLIGENCE-Hot Spots-Iran, FREE TO VIEW

Hackers connected to Iran’s government have spent eight months undetected inside the systems of an unspecified Middle East government, stealing files and emails, according to Symantec. Their research has identified the source of the attack as a hacking group they call Crambus, also known as APT34.

Since it was first detected in  2015, Crambus has been an active at the direction of the Iranian government, according to US and Israeli intelligence sources. 

According to Symantec, Crambus successfully implanted malware to "monitor incoming mails sent from an Exchange Server in order to execute commands sent by the attackers in the form of emails, and surreptitiously forwarded results to the attackers." Malicious was detected on at least 12 computers, with backdoors and keyloggers installed on a dozen other machines, indicating a widespread compromise of the unnamed target.

The malware monitors incoming emails to compromised mailboxes after logging into a Microsoft Exchange Server with hard-coded credentials, enables the threat actor to run arbitrary payloads and upload and download files from and to the infected host.

While the exact mode of initial access was not disclosed, it most likely used phishing emails. "Crambus is a long-running and experienced espionage group that has extensive expertise in carrying out long campaigns aimed at targets of interest to Iran," Symantec said. "Its activities over the past two years demonstrate that it represents a continuing threat for organisations in the Middle East and further afield."

In addition the PowerExchange backdoor, Symantec discovered that the hackers used three previously undiscovered pieces of malware, described as "a number of living-off-the-land” implants. 

Symantec:   DarkReading:     The Record:    Security Week:     Forbes:    HackerNews:     

Image: FarkhodVakhob9TJK9

You Might Also Read:

Iranian Hackers Using Windows Kernel Driver:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Cyber Security In Space Communications
A Perfect Storm Of Cyber Threats »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Stott & May

Stott & May

Stott & May is a specialist cyber security recruitment agency.

Cygilant

Cygilant

Cygilant is a SOC2 certified service provider that combines MSSP and Incident Detection and Response (IDR) capabilities managed by global SOCs staffed with trained security engineers.

ZeroNorth

ZeroNorth

ZeroNorth provides a new approach to improve software and infrastructure security, simplify continuous compliance reporting and to create more cost-effective risk management programs.

IAR Systems

IAR Systems

IAR Systems are a frontrunner in a changing industry, and a future-proof software supplier enabling the IoT.

Xperien

Xperien

Xperien is a leading South African Information Technology Asset Disposition (ITAD) company.

Atlantic Security Conference (AtlSecCon)

Atlantic Security Conference (AtlSecCon)

Atlantic Security Conference is a non-profit, annual, information security conference located in Halifax, Nova Scotia, Canada.

Bellvista Capital

Bellvista Capital

Bellvista Capital connects entrepreneurs with capital and unmatched business expertise in the technology areas of Cloud Computing, Cyber Security and Data Analytics.

Cyble

Cyble

Cyble Vision enables faster detection of cyber threats and focuses on identifying and analysing the motivations, methods, capabilities and tools of adversaries.

Haven Group

Haven Group

Haven Group and its companies are a cyber security one-stop-shop for our clients offering a full range of cyber security services to our clients in a unified and united way.

AaDya

AaDya

AaDya provide smart, simple, affordable and effective cybersecurity software solutions for small and medium businesses.

Triaxiom Security

Triaxiom Security

Triaxiom Security offers penetration testing, security audits, and strategic consulting customized to meet your needs.

Maintel

Maintel

Maintel provides cloud and managed communications services. We help our customers to deliver exceptional customer experiences, and to securely access their applications and their data.

Druva

Druva

Druva is the industry’s leading SaaS platform for data resiliency, and the only vendor to ensure data protection across the most common data risks backed by a $10m guarantee.

PolySwarm

PolySwarm

PolySwarm is a crowdsourced threat intelligence marketplace that provides a more effective way to detect, analyze and respond to the latest threats.

Keytos

Keytos

Keytos has revolutionized the Identity Management and PKI industry by creating cryptographic tools that allow you to go password-less by making security transparent to the user.

Ebryx

Ebryx

At Ebryx, we are at the forefront of cybersecurity innovation, leveraging over a decade of expertise to protect and empower organizations worldwide.