Security News > 2021 > May > Researchers Uncover Iranian State-Sponsored Ransomware Operation

Iran has been linked to yet another state-sponsored ransomware operation through a contracting company based in the country, according to new analysis.

"Iran's Islamic Revolutionary Guard Corps was operating a state-sponsored ransomware campaign through an Iranian contracting company called 'Emen Net Pasargard'," cybersecurity firm Flashpoint said in its findings summarizing three documents leaked by an anonymous entity named Read My Lips or Lab Dookhtegan between March 19 and April 1 via its Telegram channel.

A second spreadsheet validated by Flashpoint explicitly spelled out the project's financial motivations, with plans to launch the ransomware operations in late 2020 for a period of four days between Oct. 18 and 21.

Despite the project's ransomware themes, the researchers suspect the move could likely be a "Subterfuge technique" to mimic the tactics, techniques, and procedures of other financially motivated cybercriminal ransomware groups so as to make attribution harder and better blend in with the threat landscape.

Interestingly, the rollout of Project Signal also dovetailed with another Iranian ransomware campaign called "Pay2Key," which ensnared dozens of Israeli companies in November and December 2020.

News of Iran's second ransomware operation also comes as a coalition of government and tech firms in the private sector, called the Ransomware Task Force, shared a 81-page report comprising a list of 48 recommendations to detect and disrupt ransomware attacks, in addition to helping organizations prepare and respond to such intrusions more effectively.

News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/skbq_thGts0/researchers-uncover-iranian-state.html