Iranian hackers launch malware attacks on Israel's tech sector (Security News, November 2023)
The recent attacks were discovered by researchers at cybersecurity company CrowdStrike, who made the attribution based on infrastructure overlaps with past campaigns, observed tactics, techniques, and procedures, the use of the IMAPLoader malware, and the phishing lures.
In a report published earlier this week, researchers say that Imperial Kitten launched phishing attacks in October using a 'job recruitment' theme in emails carrying a malicious Microsoft Excel attachment.
Communication with the command and control server is achieved using the custom malware IMAPLoader and StandardKeyboard, both relying on email to exchange information.
The researchers say that StandardKeyboard persists on the compromised machine as a Windows service named Keyboard Service and executes base64-encoded commands received from the C2. CrowdStrike confirmed for BleepingComputer that the October 2023 attacks targeted Israeli organizations following the Israel-Hamas conflict.
In previous activity, Imperial Kitten carried out watering hole attacks by compromising several Israeli websites with JavaScript code that collected information about visitors, such as browser data and IP address, to profile potential targets.