Security News
A state-sponsored hacking group linked to Iran accidentally exposed one of its servers, giving researchers access to roughly 40 GB of videos and other files associated with the threat actor's operations. Some of the videos uncovered by IBM on the exposed server showed successful attacks against a member of the U.S. Navy and an officer in the Hellenic Navy, the naval force of Greece.
Google reported on Wednesday that it continues to see attacks launched by the Iran-linked threat group named Charming Kitten against medical and healthcare professionals, including employees of the World Health Organization. The attacks launched by Iranian hackers against WHO staff were first reported by Reuters in early April.
Hacked websites in Israel, a reported cyberattack in Iran and a Twitter war between their leaders: the arch foes' animosity is flaring up online. The latest volleys in Israel and Iran's longstanding rivalry coincide with the 20th anniversary of the Israeli army's withdrawal from southern Lebanon, forced out by Iranian-backed militant group Hezbollah.
The government newspaper of Iran has lost its .com website, with its publisher on Monday accusing the United States of "stealing" the domain name. Contacted by AFP, Mehdi Shafii, head of the media group that publishes Iran, accused the US Treasury of wanting to "block" and "confiscate" the company's domain names.
A security researcher says he has uncovered an advanced persistent threat operation that started over a decade ago and which is referenced in the collection of National Security Agency hacking tools that the Shadow Brokers made public in 2017. The researcher, who refers to the operation as 'Nazar', based on "debug paths left alongside Farsi resources in some of the malware droppers," believes that the activity was centered around the 2010-2013 timeframe, based on submission times in VirusTotal.
The Iranian cybercrime group that was expected to spearhead the rogue Middle East nation's revenge for the US assassination of General Qasem Soleimani has quite the arsenal at its digital fingertips. They added: "From a threat management and risk assessment perspective, we advise organisations not to conflate ongoing espionage operations with a retaliatory response. However, continually leveraging threat intelligence to assess and improve controls will help network defenders secure their environments against malicious activity regardless of intent."
According to the analysis, Fox Kitten's objective has been to develop and maintain access routes to the targeted organizations, establishing persistent footholds within them; stealing information; and pivoting from within to additional targets via supply-chain attacks. The APT34 connection stems from the fact that part of the attack infrastructure used by the group in previous campaigns has been reused for Fox Kitten.
Over the weekend, an extensive disruption to Iran's telecommunication networks knocked out about 25 percent of the country's internet service for several hours, according to NetBlocks, a nonprofit organization that tracks internet freedom across the globe. The disruption, which took place at about 11:45 a.m. local time Saturday, caused an initial outage of cellular and fixed-line services in Iran for nearly an hour, with the country only able to partially recover its full internet service several hours after the incident, NetBlocks says.
Iran repelled a cyberattack on Saturday that disrupted the country's internet services for an hour, a telecommunications ministry official said. "At 11:44 a distributed denial-of-service attack disrupted the internet services of some mobile and fixed operators for an hour," tweeted Sajad Bonabi.
Recently identified attacks targeting a key organization in the European energy sector employed a remote access Trojan previously associated with Iran-linked threat actors, Recorded Future reports. The researchers were able to identify a PupyRAT command and control server that communicated with a mail server for a European energy sector organization between November 2019 and at least January 5, 2020.