Security News > 2023 > November > Iranian hackers launch malware attacks on Israel’s tech sector
The recent attacks were discovered by researchers at cybersecurity company CrowdStrike, who made the attribution based on infrastructure overlaps with past campaigns, observed tactics, techniques, and procedures, the use of the IMAPLoader malware, phishing lures.
In a report published earlier this week, researchers say that Imperial Kitten launched phishing attacks in October using a 'job recruitment' theme in emails carrying a malicious Microsoft Excel attachment.
Communication with the command and control server is achieved using the custom malware IMAPLoader and StandardKeyboard, both relying on email to exchange information.
The researchers say that StandardKeyboard persists on the compromised machine as the Windows Service Keyboard Service and executes base64-encoded commands received from the C2. CrowdStrike confirmed for BleepingComputer that the October 2023 attacks targeted Israeli organizations following the Israel-Hamas conflict.
In previous activity, Imperial Kitten carried watering hole attacks by compromising several Israeli websites with JavaScript code that collected information about visitors, such as browser data and IP address, profiling potential targets.
Iranian hackers lurked in Middle Eastern govt network for 8 months.
News URL
Related news
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)
- FIN7 hackers launch deepfake nude “generator” sites to spread malware (source)
- North Korean Hackers Using New VeilShell Backdoor in Stealthy Cyber Attacks (source)
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (source)
- N. Korean Hackers Use Fake Interviews to Infect Developers with Cross-Platform Malware (source)
- Iranian hackers now exploit Windows flaw to elevate privileges (source)
- Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack (source)
- Iranian hackers act as brokers selling critical infrastructure access (source)
- Tech giant Nidec confirms data breach following ransomware attack (source)