Tag Archive for: Iranian

US indicts Iranian over widespread hacking campaign


Iranian national Alireza Shafie Nasab has been charged by the U.S. for his involvement in the targeting of more than 200,000 devices in an attempt to hack U.S. government agencies, defense contractors, and private organizations for nearly five years, reports The Register.

U.S. organizations have been subjected to spear-phishing, software, and social engineering attacks by Nasab and his co-conspirators operating under the Mahak Rayan Afraz business between 2016 and April 2021, according to the Justice Department. While Nasab could face up to 47 years’ imprisonment for his charges, his location remains unknown, prompting the State Department to unveil a $10 million bounty for any information regarding his whereabouts. “Today’s charges highlight Iran’s corrupt cyber ecosystem, in which criminals are given free rein to target computer systems abroad and threaten U.S. sensitive information and critical infrastructure. Our National Security Cyber Section remains focused on disputing these cross-border hacking schemes and holding those responsible to account,” said Assistant Attorney General for National Security Matthew Olsen.


Report Says Iranian Hackers Targeting Israeli Defense Sector



Hackers Are Leveraging Israel-Hamas War to Carry Out Attacks, Researcher Tells ISMG


Cybersecurity researchers identified a suspected Iranian espionage campaign targeting aerospace, aviation and defense industries across the Middle East, including in Israel and the United Arab Emirates.



Threat intelligence firm Mandiant published a report Tuesday night that links a threat actor tracked as UNC1549, allegedly associated with the Iranian Revolutionary Guard Corps, to a series of coordinated attacks targeting Middle East entities affiliated with the aerospace and defense sectors.


Ofir Rozmann, a senior researcher for Mandiant and a coauthor of the report, told Information Security Media Group that hackers “used decoys and lures” to gain initial access into targeted systems. They primarily used Microsoft Azure cloud infrastructure to communicate with their deployed back doors – a technique used to evade detection.


Tehran-affiliated hackers “are growing over time in sophistication and conducting tailored cyberespionage and destructive campaigns,” Rozmann said. This campaign’s primary purpose appears to be espionage but may also support other…


Hamas, Iranian hackers seek to leverage Israeli people’s stress


Tel Aviv [Israel], December 19 (ANI/TPS): The Israel National Cyber Directorate announced on Monday that Iran and Hezbollah were behind an attempted cyberattack on the Ziv Medical Centre in Safed in late November. “The attack was thwarted before it could successfully disrupt hospital operations and impact citizens’ medical treatment,” the INCD stated. “However, the attackers managed to extract private data stored in the hospital’s systems.”

While the INCD defends Israeli civilian and government cyberspace, including hospitals, and Internet and phone service providers, military cybersecurity is a very different matter, according to Alon Arvatz, CEO and co-founder of Stealth Startup. Most computers with any sensitive information are not connected to the Internet, and Israeli soldiers operating in Gaza aren’t allowed to carry cell phones for fear of exposing their locations or other sensitive data, Arvatz told the Tazpit Press Service in an interview last month.

“We read the frustrations from their families, saying, ‘I don’t know what’s going on with my son, or wife or child.’ So it’s heartbreaking,” he said. “But from a security perspective, it means very good things about the army and how it handles it. The worst thing that can happen is that a soldier would accidentally expose his location and the plans of the army.” On Oct. 7 and since, there has been widespread speculation about how Hamas terrorists infiltrated Israel in such large numbers, as well as how they were able to murder, torture and kidnap so many Israelis and others. Despite Israel’s reputation as one of the world’s cyberspace superpowers, Hamas appears to have sought to sabotage Israel’s vaunted rocket-alert system and siphon off donations intended for Oct. 7 victims, Arvatz told TPS.

Hackers Leveraging People’s Stress

Parallel to Hamas’s ground invasion, the terrorists also launched “attacks into cyberspace, targeting various civilian and governmental targets,” said Arvatz, a veteran of the Israel Defense Force’s elite cyber Unit 8200 and author of The Battle for Your Computer: Israel and the Growth of the Global Cyber-Security Industry. Hamas’s multi-pronged attack–from land, sea, air and cyberspace–sought to…


Did Iranian Hackers Hit a Pennsylvania Water System?


(TNS) — The Municipal Water Authority of Aliquippa revealed Saturday that one of their booster stations had been hacked and partially controlled by a cyber guerilla group tied to the Iranian government, according to news reports.

Confirming the hack to KDKA, Matthew Mottes, the chairman of the board of directors for the Municipal Water Authority of Aliquippa, said that the group, known as Cyber Av3ngers, took control of one of the stations.

The hacking ring shut down a pump on a supply line that provides drinking water from the Aliquippa Municipal Water Authority’s treatment plant to Raccoon and Potter townships in Beaver County.


As soon as the hack had occurred, an alarm sounded, the Beaver Countian reported.

Also confirming the hack was a haunting message that appeared on the system’s control panel after the pump had been taken over, reading, “You have been hacked. Down with Israel. Every equipment ‘made with Israel’ is Cyber Av3ngers legal target.”

The machine that was hacked by the cyber group uses a system called Unitronics, which uses software or has components that are Israeli-owned, KDKA reported.

Aliquippa municipal workers managed to disable the system and authorities were called to the booster station Saturday. Now the incident is under criminal investigation.

Back-up methods are now being applied to maintain water pressure to communities, the Beaver Countian reported.

“They did not get access to anything in our actual water treatment plant – or other parts of our system – other than a pump that regulates pressure to elevated areas of our system,” Mottes told the outlet. “This pump has its own computer network, separated from our primary network, and is physically miles away.”

The network also serviced multiple security cameras.

“The booster system did what it was supposed to. It sent an alarm and we took control manually. Nobody was ever at risk,” he added.

Congressman Chris Deluzio said in a statement on Facebook Sunday that he is monitoring the situation.

On X, formerly known as Twitter, the Cyber Av3ngers have taken responsibility for multiple attacks worldwide,…
