Security News
The Department of Justice has indicted two hackers - including one teenager - for allegedly vandalizing more than 50 websites hosted in the U.S. with pro-Iran messages. The two allegedly replaced the content of these websites with pictures of Soleimani against a background of the Iranian flag, along with the message, in English, "Down with America." The two hackers allegedly took credit online for their website defacements.
Tehran on Friday hit back at allegations by Microsoft that Iran-based hackers had targeted the US presidential campaigns, declaring it does not care about the election's outcome. Microsoft claimed that it has thwarted cyber attacks by hackers from China, Russia and Iran who have been targeting staff from the campaigns of President Donald Trump and his Democratic rival Joe Biden, ahead of the November vote.
Microsoft believes there have been extensive "cyberattacks targeting people and organizations involved in the upcoming presidential election," and that foreign government hackers responsible for attacks ahead of the 2016 vote are back with new and nastier tactics. The Windows giant's corporate veep for Customer Security & Trust Tom Burt said both sides of US politics are being attacked, that China, Russia and Iran are all active, and that the spies are also actively targeting UK political parties and other international institutions.
While the ransomware was previously used by advanced persistent threat actors, its source code surfaced in March 2020, making it available to a much broader range of attackers. "The fact Dharma source code has been made widely available led to the increase in the number of operators deploying it," Oleg Skulkin, senior digital forensics specialist with Group-IB, said in an analysis of the attacks posted Monday.
A state-sponsored hacking group linked to Iran accidentally exposed one of its servers, giving researchers access to roughly 40 GB of videos and other files associated with the threat actor's operations. Some of the videos uncovered by IBM on the exposed server showed successful attacks against a member of the U.S. Navy and an officer in the Hellenic Navy, the naval force of Greece.
Google reported on Wednesday that it continues to see attacks launched by the Iran-linked threat group named Charming Kitten against medical and healthcare professionals, including employees of the World Health Organization. The attacks launched by Iranian hackers against WHO staff were first reported by Reuters in early April.
Hacked websites in Israel, a reported cyberattack in Iran and a Twitter war between their leaders: the arch foes' animosity is flaring up online. The latest volleys in Israel and Iran's longstanding rivalry coincide with the 20th anniversary of the Israeli army's withdrawal from southern Lebanon, forced out by Iranian-backed militant group Hezbollah.
The government newspaper of Iran has lost its .com website, with its publisher on Monday accusing the United States of "stealing" the domain name. Contacted by AFP, Mehdi Shafii, head of the media group that publishes Iran, accused the US Treasury of wanting to "block" and "confiscate" the company's domain names.
A security researcher says he has uncovered an advanced persistent threat operation that started over a decade ago and which is referenced in the collection of National Security Agency hacking tools that the Shadow Brokers made public in 2017. The researcher, who refers to the operation as 'Nazar', based on "Debug paths left alongside Farsi resources in some of the malware droppers," believes that the activity was centered around the 2010-2013 timeframe, based on submission times in VirusTotal.
The Iranian cybercrime group that was expected to spearhead the rogue Middle East nation's revenge for the US assassination of General Qasem Soleimani has quite the arsenal at its digital fingertips. They added: "From a threat management and risk assessment perspective, we advise organisations not to conflate ongoing espionage operations with a retaliatory response. However, continually leveraging threat intelligence to assess and improve controls will help network defenders secure their environments against malicious activity regardless of intent."