Security News > 2023 > November > Iranian Hackers Launch Destructive Cyber Attacks on Israeli Tech and Education Sectors
Israeli higher education and tech sectors have been targeted as part of a series of destructive cyber attacks that commenced in January 2023 with an aim to deploy previously undocumented wiper malware.
"The attacks are characterized by attempts to steal sensitive data, such as personally identifiable information and intellectual property," Palo Alto Networks Unit 42 said in a new report shared with The Hacker News.
"Once the attackers stole the information, they deployed various wipers intended to cover the attackers' tracks and to render the infected endpoints unusable."
Active since at least December 2020, Agonizing Serpens has been linked to wiper attacks targeting Israeli entities.
The latest set of attacks entails weaponizing vulnerable internet facing web servers as initial access routes to deploy web shells and conduct reconnaissance of the victim networks and steal credentials of users with administrative privileges.
A lateral movement phase is followed by data exfiltration using a mix of public and custom tools like Sqlextractor, WinSCP, and PuTTY, and finally deliver the wiper malware -.
News URL
https://thehackernews.com/2023/11/iranian-hackers-launches-destructive.html
Related news
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- Iranian hackers charged for ‘hack-and-leak’ plot to influence election (source)
- North Korean Hackers Using New VeilShell Backdoor in Stealthy Cyber Attacks (source)
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (source)
- Iranian hackers now exploit Windows flaw to elevate privileges (source)
- Iranian hackers act as brokers selling critical infrastructure access (source)
- Tech giant Nidec confirms data breach following ransomware attack (source)
- Notorious Hacker Group TeamTNT Launches New Cloud Attacks for Crypto Mining (source)
- North Korean govt hackers linked to Play ransomware attack (source)