Where Is Iran's Cyber Response To It's General's Assassination?

Iranian cyberespionage operations are continuing at a steady pace, but so far no significant reaction has been seen in response to the January US drone strike that killed Iranian Gen. Qasem Soleimani (pictured) . Almost two months has passed since the assasination of  Soleimani attack and Secureworks is reporting the continuation of previously implemented espionage operations from Iran.

The researchers believe that Iranian threat groups are currently focusing on their long-running cyber espionage activities in efforts to gather valuable intelligence from some specific countries. These are primarily targeting governmental organisations in Turkey, Jordan, Iraq along with intergovernmental and other agencies in Georgia and Azerbaijan. 

The experts at Secureworks' Counter Threat Unit  say the Iranians are just keeping going with their existing campaigns of spying and hoovering up login credentials through spearphishing attacks. "In some cases, emails were sent with a malicious attachment to gain access, some email messages also contained a link to a compromised website, and there are confirmed cases where malicious documents were sent via a ZIP archive.... From a threat management and risk assessment perspective, we advise organisations not to conflate ongoing espionage operations with a retaliatory response. However, continually leveraging threat intelligence to assess and improve controls will help network defenders secure their environments against malicious activity regardless of intent."

Iran did quickly resort to a military strike launching a missile attack that struck several US bases in Iraq in response to Soleimani’s killing, followed by the mistaken killing of passengers on an innocent commercial airline flight. 

With the operations currently underway attackers are using multiple rounds spearphishing attacks to gain entrance to the targeted systems. In some cases, the emails contained links to malicious websites that allow the hacking groups to track their targets.

In other attacks the email had a malicious spreadsheet attached that was socially engineered to match the subject line of the email to encourage the recipient to click. Opening and enabling the attachment launches the embedded malicious VBScript which disables the machine’s security controls. Several payloads are then downloaded from an IP address hard-coded in the script.

Another attack viewed by Secureworks saw the attackers again using a spearphishing attack, but this time the malicious code was hidden inside an attached zip file storing a malicious Excel file that required the victim to activate a macro. In this case a new a previously unobserved RAT Securework’s researchers refer to as ForeLord is dropped and executed.

Secureworks:          Computing:         SC Magazine:         The Register:       Image: Ali Khameini

You Might Also Read: 

Big Cyber Attack Hits Iran:

 


 

« Cyber Attacks Predicted For 2020 Summer Olympics
An Escalating Cyber-Espionage Campaign In The Middle East »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

VMworld

VMworld

VMworld is a global conference for virtualization and cloud computing, including associated security issues.

Kualitatem

Kualitatem

Kualitatem Inc. is an independent software testing and information systems auditing company

Cyber Security Research Centre - University of Cardiff

Cyber Security Research Centre - University of Cardiff

Cardiff University's Centre for Cyber Security Research is a leading UK academic research unit for cyber security analytics.

CryptoCodex

CryptoCodex

Cryptocodex has developed Counter-Fight, the most advanced, yet simple to implement, counterfeit detection system.

EdgeWave

EdgeWave

EdgeWave provides simple but highly effective data security and advanced threat protection in solutions that are affordable, scalable and easy to use.

Newberry Group

Newberry Group

The Newberry Group provides comprehensive IT services and solutions that optimize operations, minimize risk and deliver measurable business value.

Ukrainian Special Systems (USS)

Ukrainian Special Systems (USS)

Ukrainian Special Systems (USS) is a state-owned commercial enterprise providing confidential communication, trust services and services in the field of information protection.

iTechArt Group

iTechArt Group

iTechArt is a top-tier custom software development company offering Cybersecurity Consulting, Application Security Testing, Risk Management and Compliance, and Infrastructure Security services.

DECODE

DECODE

DECODE is the premier cyber security conference in the Philippines hosted by Trend Micro.

Qascom

Qascom

Qascom is an engineering company offering security solutions in satellite navigation and space cybersecurity. We are one of the European key players in GNSS authentication and security.

Intel

Intel

Intel products are engineered with built-in security technologies to help protect potential attack surfaces.

Winbond Electronics

Winbond Electronics

Winbond is a Specialty memory IC company. Product lines include Code Storage Flash Memory, TrustME® Secure Flash, Specialty DRAM and Mobile DRAM.

Magna5

Magna5

Magna5 is a managed IT service provider focusing in network and server monitoring, backup and disaster recovery, cybersecurity, help desk and SD-WAN.

BlueCat Networks

BlueCat Networks

BlueCat is the Adaptive DNS company. Our mission is to help the world’s largest organizations thrive on network complexity, from the edge to the core.

6WIND

6WIND

6WIND deliver virtualized, cloud-native, distributed high performance & secure networking software solutions to support new applications such as 5G, IoT, SD-WAN.

Quantum Security Services

Quantum Security Services

Quantum Security Services is a specialist information security firm providing a range of risk, compliance and technical security services.