Security News > 2023 > November > Iranian Hackers Launch Destructive Cyber Attacks on Israeli Tech and Education Sectors
Israeli higher education and tech sectors have been targeted as part of a series of destructive cyber attacks that commenced in January 2023 with an aim to deploy previously undocumented wiper malware.
"The attacks are characterized by attempts to steal sensitive data, such as personally identifiable information and intellectual property," Palo Alto Networks Unit 42 said in a new report shared with The Hacker News.
"Once the attackers stole the information, they deployed various wipers intended to cover the attackers' tracks and to render the infected endpoints unusable."
Active since at least December 2020, Agonizing Serpens has been linked to wiper attacks targeting Israeli entities.
The latest set of attacks entails weaponizing vulnerable internet facing web servers as initial access routes to deploy web shells and conduct reconnaissance of the victim networks and steal credentials of users with administrative privileges.
A lateral movement phase is followed by data exfiltration using a mix of public and custom tools like Sqlextractor, WinSCP, and PuTTY, and finally deliver the wiper malware -.
News URL
https://thehackernews.com/2023/11/iranian-hackers-launches-destructive.html
Related news
- Hacker pleads guilty to SIM swap attack on US SEC X account (source)
- whoAMI attacks give hackers code execution on Amazon EC2 instances (source)
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Chinese Hackers Exploit MAVInject.exe to Evade Detection in Targeted Cyber Attacks (source)
- Bybit Hack Traced to Safe{Wallet} Supply Chain Attack Exploited by North Korean Hackers (source)
- Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks (source)
- Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail (source)
- Suspected Iranian Hackers Used Compromised Indian Firm's Email to Target U.A.E. Aviation Sector (source)
- PHP-CGI RCE Flaw Exploited in Attacks on Japan's Tech, Telecom, and E-Commerce Sectors (source)
- New ‘Rules File Backdoor’ Attack Lets Hackers Inject Malicious Code via AI Code Editors (source)