Govt hackers impersonate HR employees to hit Israeli targets
Hackers associated with the Iranian government have focused attack efforts on IT and communication companies in Israel, likely in an attempt to pivot to their real targets.
The campaigns have been attributed to the Iranian APT group known as Lyceum, Hexane, and Siamesekitten, which has been running espionage campaigns since at least 2018 [1, 2]. In multiple attacks detected in May and July, the hackers combined social engineering techniques with an updated malware variant that would ultimately give them remote access to the infected machine.
In one case, the hackers used the name of a former HR manager at technology company ChipPC to create a fake LinkedIn profile, a clear indication that the attackers did their homework before starting the campaign.
While the threat actor's interest seems to have shifted away from organizations in the Middle East and Africa, the researchers say that the IT and communication companies in Israel are just a means of reaching the real targets.
The researchers discovered two websites that are part of Siamesekitten's infrastructure for the cyberespionage campaigns targeting companies in Israel.
NET. Today's report [PDF] contains technical details for both variants along with IP addresses for the attacker's infrastructure, email addresses used to register servers, and hashes for malicious files.