Where Is Iran's Cyber Response To It's General's Assassination?

Iranian cyberespionage operations are continuing at a steady pace, but so far no significant reaction has been seen in response to the January US drone strike that killed Iranian Gen. Qasem Soleimani (pictured) . Almost two months has passed since the assasination of  Soleimani attack and Secureworks is reporting the continuation of previously implemented espionage operations from Iran.

The researchers believe that Iranian threat groups are currently focusing on their long-running cyber espionage activities in efforts to gather valuable intelligence from some specific countries. These are primarily targeting governmental organisations in Turkey, Jordan, Iraq along with intergovernmental and other agencies in Georgia and Azerbaijan. 

The experts at Secureworks' Counter Threat Unit  say the Iranians are just keeping going with their existing campaigns of spying and hoovering up login credentials through spearphishing attacks. "In some cases, emails were sent with a malicious attachment to gain access, some email messages also contained a link to a compromised website, and there are confirmed cases where malicious documents were sent via a ZIP archive.... From a threat management and risk assessment perspective, we advise organisations not to conflate ongoing espionage operations with a retaliatory response. However, continually leveraging threat intelligence to assess and improve controls will help network defenders secure their environments against malicious activity regardless of intent."

Iran did quickly resort to a military strike launching a missile attack that struck several US bases in Iraq in response to Soleimani’s killing, followed by the mistaken killing of passengers on an innocent commercial airline flight. 

With the operations currently underway attackers are using multiple rounds spearphishing attacks to gain entrance to the targeted systems. In some cases, the emails contained links to malicious websites that allow the hacking groups to track their targets.

In other attacks the email had a malicious spreadsheet attached that was socially engineered to match the subject line of the email to encourage the recipient to click. Opening and enabling the attachment launches the embedded malicious VBScript which disables the machine’s security controls. Several payloads are then downloaded from an IP address hard-coded in the script.

Another attack viewed by Secureworks saw the attackers again using a spearphishing attack, but this time the malicious code was hidden inside an attached zip file storing a malicious Excel file that required the victim to activate a macro. In this case a new a previously unobserved RAT Securework’s researchers refer to as ForeLord is dropped and executed.

Secureworks:          Computing:         SC Magazine:         The Register:       Image: Ali Khameini

You Might Also Read: 

Big Cyber Attack Hits Iran:

 


 

« Cyber Attacks Predicted For 2020 Summer Olympics
An Escalating Cyber-Espionage Campaign In The Middle East »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Cyberis

Cyberis

Cyberis is an independent information security consultancy delivering coherent security, risk management and assurance through a unified range of innovative services and solutions.

CircleCI

CircleCI

CircleCI’s platform allows developers to rapidly release code (for web and mobile apps) they trust by automating the build, test, and deploy process.

RiskSense

RiskSense

RiskSense empowers enterprises and governments to reveal cyber risk, quickly orchestrate remediation, and monitor the results.

Asseco Group

Asseco Group

Asseco Poland stands at the forefront of the multinational Asseco Group. We are a leading provider of state-of-the-art IT solutions in Central and Eastern Europe.

OEDIV SecuSys

OEDIV SecuSys

OEDIV SecuSys (previously iSM Secu-Sys) develops high-quality IT software solutions, setting standards as a technology leader in the area of identity and access management.

Seqrite

Seqrite

Seqrite offers a highly advanced range of enterprise and IT security solutions to protect your organization's most critical data.

Trustaira

Trustaira

Trustaira provides end-to-end advisory, protection and monitoring services and solutions are focused to protect our clients’ information, IT infrastructure, networks, applications and databases.

mPrest

mPrest

mPrest is a global provider of mission-critical monitoring and control solutions for the defense, security, utility and Industrial Internet of Things (IoT) sectors.

United Biometrics

United Biometrics

United Biometrics is an anonymous and real-time authentication platform designed to stop the fraud for mobile payments, e-Commerce and applications.

Outsource UK

Outsource UK

Outsource UK is an independent recruitment company supplying highly-skilled technology, change and engineering talent to clients within a range of specialist sectors including Cyber Security.

MazeBolt Technologies

MazeBolt Technologies

Israel-based MazeBolt is an innovation leader in cybersecurity, with over two decades of experience in pioneering DDoS protection solutions.

Venari Security

Venari Security

Venari is an award-winning cybersecurity SaaS provider that has developed an ETA (Encrypted Traffic Analysis) platform which fundamentally changes the way encrypted traffic is analysed.

Sify Technologies

Sify Technologies

Sify is the largest ICT service provider, systems integrator, and all-in-one network solutions company on the Indian subcontinent.

Numen Cyber Technology

Numen Cyber Technology

Numen Cyber Technology is committed to becoming a Threat Discovery and Response expert for corporate customers.

SGTech

SGTech

SGTech is the leading trade association for Singapore's tech industry, offering focused support and development to both strategic and emerging sectors in the industry.

Aeries Technology

Aeries Technology

Aeries is a technology services organization offering capabilities in Technology Services, Digital Transformation, and Business Process Management.