Security News > 2021 > August > Iranian Hackers Target Several Israeli Organizations With Supply-Chain Attacks
IT and communication companies in Israel were at the center of a supply chain attack campaign spearheaded by an Iranian threat actor that involved impersonating the firms and their HR personnel to target victims with fake job offers in an attempt to penetrate their computers and gain access to the company's clients.
ClearSky theorized that the attacks' focus on IT and communication companies suggest they are intended to facilitate supply chain attacks on their clients.
Regardless of the file downloaded by the victim, the attack chain culminates in the installation of the C++-based Milan backdoor.
The July 2021 attacks against Israeli companies are also notable for the fact that the threat actor replaced Milan with a new implant called Shark that's written in.
NET. "This campaign is similar to the North Korean 'job seekers' campaign, employing what has become a widely used attack vector in recent years - impersonation," the Israeli cybersecurity company said.
"The group's main goal is to conduct espionage and utilize the infected network to gain access to their clients' networks. As with other groups, it is possible that espionage and intelligence gathering are the first steps toward executing impersonation attacks targeting ransomware or wiper malware."
News URL
Related news
- Chinese State Hackers Target Tibetans with Supply Chain, Watering Hole Attacks (source)
- Hackers Hijack GitHub Accounts in Supply Chain Attack Affecting Top-gg and Others (source)
- U.S. Charges Iranian Hacker, Offers $10 Million Reward for Capture (source)
- Hackers target FCC, crypto firms in advanced Okta phishing attacks (source)
- Hackers steal Windows NTLM authentication hashes in phishing attacks (source)
- Hackers impersonate U.S. government agencies in BEC attacks (source)
- Hackers Exploiting Popular Document Publishing Sites for Phishing Attacks (source)
- US sanctions APT31 hackers behind critical infrastructure attacks (source)
- Microsoft still unsure how hackers stole MSA key in 2023 Exchange attack (source)
- XZ Utils Supply Chain Attack: A Threat Actor Spent Two Years to Implement a Linux Backdoor (source)