Iranian state hackers use upgraded malware in attacks on ISPs, telcos (Security News, November 2021)
The Iranian state-supported APT known as 'Lyceum' targeted ISPs and telecommunication service providers in the Middle East and Africa between July and October 2021.
Apart from Israel, which is permanently in the crosshairs of Iranian hackers, researchers have spotted Lyceum backdoor malware attacks in Morocco, Tunisia, and Saudi Arabia.
In the most recent campaign analyzed in a joint report between researchers at Accenture and Prevailion, Lyceum is seen using two distinct malware families, dubbed Shark and Milan.
The technical analysis revealed a continual refresh of the beacons and payloads, suggesting that Lyceum monitors the researchers analyzing its malware and updates its code to stay ahead of defensive mechanisms.
The resulting report provides a new list of indicators of compromise and multiple ways to detect the two backdoors, so it has the potential to disrupt Lyceum's ongoing campaign.
Even though the 'GhostShell' campaign was most probably orchestrated by a novel APT adversary, it still had links to known Iranian APT groups like Lyceum.