Iranian State Sponsored Hackers On The Attack

Hackers connected to Iran’s government spent eight months undetected inside the systems of an unnamed Middle East government, stealing files and emails, according to Symantec. Symantec’s researchers attribute the intrusion to a group they track as Crambus, also known as APT34 and OilRig.

Since it was first detected in 2015, Crambus has been active at the direction of the Iranian government, according to US and Israeli intelligence sources.

According to Symantec, Crambus implanted malware to "monitor incoming mails sent from an Exchange Server in order to execute commands sent by the attackers in the form of emails, and surreptitiously forwarded results to the attackers." Malicious activity was detected on at least 12 computers, with backdoors and keyloggers installed on a dozen other machines, indicating a widespread compromise of the unnamed target.

The backdoor, which Symantec calls PowerExchange, logs into a Microsoft Exchange Server with hard-coded credentials and then watches the compromised mailbox for incoming email carrying attacker commands. It lets the threat actor run arbitrary payloads and upload files to, and download files from, the infected host. Because the command channel is ordinary mail flowing through the organisation’s own Exchange server, there is no separate beaconing connection for perimeter monitoring to catch; the useful signals are in mailbox and authentication logs instead.
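The following is an added hunting example, not Symantec’s detection logic and not code from the campaign described. It works from the behaviour the article reports: a backdoor that authenticates to Exchange with its own credentials, reads commands out of a mailbox and mails results back out. Two pivots follow from that: a client host that owner-logs into several mailboxes over Exchange Web Services (a normal workstation owns one mailbox), and mail sent from such a host to recipients outside the organisation. The records, column names and addresses below are all constructed for the example and only loosely modelled on an Exchange mailbox-audit export; treat the thresholds as assumptions to tune.

```python
"""
Hunt for mail-based command and control: a backdoor that logs into Exchange
with hard-coded credentials, reads attacker commands from a mailbox and
mails results back out.

Added example, not Symantec's tooling. SAMPLE_AUDIT_CSV is CONSTRUCTED: a
simplified CSV loosely modelled on an Exchange mailbox-audit export. The
column names, IPs, mailboxes and client strings are assumptions.
"""
import csv
import io
from collections import defaultdict

SAMPLE_AUDIT_CSV = """\
CreationTime,Operation,LogonType,MailboxOwnerUPN,ClientIPAddress,ClientInfoString,Recipients
2023-10-18T08:01:12,MailboxLogin,Owner,a.karim@gov.example,10.10.5.21,Client=Outlook;Microsoft Office/16.0,
2023-10-18T08:02:40,MailItemsAccessed,Owner,a.karim@gov.example,10.10.5.21,Client=Outlook;Microsoft Office/16.0,
2023-10-18T08:05:03,MailboxLogin,Owner,a.karim@gov.example,10.10.7.90,Client=WebServices;ExchangeWebServices/1.0,
2023-10-18T08:05:04,MailItemsAccessed,Owner,a.karim@gov.example,10.10.7.90,Client=WebServices;ExchangeWebServices/1.0,
2023-10-18T08:06:11,MailboxLogin,Owner,s.haddad@gov.example,10.10.7.90,Client=WebServices;ExchangeWebServices/1.0,
2023-10-18T08:06:15,MailItemsAccessed,Owner,s.haddad@gov.example,10.10.7.90,Client=WebServices;ExchangeWebServices/1.0,
2023-10-18T08:09:30,Send,Owner,s.haddad@gov.example,10.10.7.90,Client=WebServices;ExchangeWebServices/1.0,drop.box@mailhost.example
2023-10-18T08:11:00,Send,Owner,a.karim@gov.example,10.10.5.21,Client=Outlook;Microsoft Office/16.0,m.saleh@gov.example
"""


def parse_audit_csv(text):
    """Parse the CSV export into a list of dict rows keyed by column name."""
    return list(csv.DictReader(io.StringIO(text)))


def is_ews_client(client_info):
    """True when the record came in over Exchange Web Services rather than a desktop client."""
    return "WebServices" in client_info


def ews_owner_logons_by_ip(records):
    """Map each client IP to the set of mailboxes it logged into as Owner over EWS.

    A user's workstation normally owner-logs into exactly one mailbox. A host
    that owner-logs into several, programmatically, is behaving like a tool
    holding other people's credentials (as a hard-coded-credential backdoor does).
    """
    by_ip = defaultdict(set)
    for r in records:
        if (r["Operation"] == "MailboxLogin" and r["LogonType"] == "Owner"
                and is_ews_client(r["ClientInfoString"])):
            by_ip[r["ClientIPAddress"]].add(r["MailboxOwnerUPN"])
    return by_ip


def external_sends(records, internal_domain):
    """Return (client_ip, mailbox, recipient) for every Send to an address outside internal_domain."""
    suffix = "@" + internal_domain.lower()
    out = []
    for r in records:
        if r["Operation"] != "Send" or not r["Recipients"]:
            continue
        for rcpt in r["Recipients"].split(";"):
            rcpt = rcpt.strip()
            if rcpt and not rcpt.lower().endswith(suffix):
                out.append((r["ClientIPAddress"], r["MailboxOwnerUPN"], rcpt))
    return out


def hunt(audit_csv, internal_domain="gov.example", min_mailboxes=2):
    """Flag client IPs that owner-log into at least min_mailboxes mailboxes over
    EWS, and attach any mail those IPs sent to external recipients (candidate
    result/exfil traffic). Returns a list of finding dicts, sorted by IP."""
    records = parse_audit_csv(audit_csv)
    by_ip = ews_owner_logons_by_ip(records)
    sends = external_sends(records, internal_domain)
    findings = []
    for ip in sorted(by_ip):
        boxes = by_ip[ip]
        if len(boxes) < min_mailboxes:
            continue
        findings.append({
            "ip": ip,
            "mailboxes": sorted(boxes),
            "external_sends": [(box, rcpt) for (src, box, rcpt) in sends if src == ip],
        })
    return findings


if __name__ == "__main__":
    for f in hunt(SAMPLE_AUDIT_CSV):
        print(f"{f['ip']} owner-logged into {len(f['mailboxes'])} mailboxes over EWS: {f['mailboxes']}")
        for box, rcpt in f["external_sends"]:
            print(f"  {box} sent mail to external address {rcpt}")
```

On the constructed data the workstation 10.10.5.21 is ignored (one mailbox, Outlook client) and 10.10.7.90 is flagged for owner-logons into two mailboxes over EWS plus one send to an external address. In a real estate, allow-list known automation hosts (archiving, journaling, migration tooling) before alerting, and join the flagged IP against authentication logs to see which account credentials it is presenting.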

Symantec did not disclose the initial access vector; phishing email is the most likely route. "Crambus is a long-running and experienced espionage group that has extensive expertise in carrying out long campaigns aimed at targets of interest to Iran," Symantec said. "Its activities over the past two years demonstrate that it represents a continuing threat for organisations in the Middle East and further afield."

In addition to the PowerExchange backdoor, Symantec found that the attackers used three previously undiscovered pieces of malware, alongside what it described as "a number of living-off-the-land" tools.

Sources: Symantec, DarkReading, The Record, Security Week, Forbes, HackerNews

Image: FarkhodVakhob9TJK9
