Security News

The U.S. Treasury Department on Friday announced sanctions against Iran's Ministry of Intelligence and Security (MOIS) and its Minister of Intelligence, Esmaeil Khatib, for engaging in cyber-enabled activities against the United States and its allies. The development comes nearly nine months after U.S. Cyber Command characterized the advanced persistent threat known as MuddyWater as a subordinate element within MOIS. It also comes almost two years after the Treasury's sanctions against another Iranian APT group, dubbed APT39.

The U.S. Treasury Department announced sanctions today against Iran's Ministry of Intelligence and Security and its Minister of Intelligence for their role in the July cyberattack against the government of Albania, a U.S. ally and a NATO member state. MOIS is the Iranian government's leading intelligence agency, tasked with coordinating intelligence and counterintelligence efforts, as well as covert actions supporting the Islamic regime's goals beyond the country's borders.

This decision comes after Albania severed diplomatic relations with Iran, following its attribution of the July cyberattack on Albanian government infrastructure to Iranian threat actors. "The in-depth investigation provided us with indisputable evidence that the cyberattack against our country was orchestrated and sponsored by the Islamic Republic of Iran through the engagement of four groups that enacted the aggression," Albanian Prime Minister Edi Rama said.

Iran's Communications Ministry joined in a pledge with Russian state-owned defence and technology conglomerate Rostec to explore future collaboration in e-government, information security, and other areas. News of the collaboration came in a statement published on Friday by Iran's Information Technology Organization - a government agency charged with developing policy related to data networks and digital services.

Malware used in crippling cyberattacks against Iranian steel plants last week is connected to an attack that shut down the country's rail system last year. The overlaps in the code, combined with contextual clues and even recycled jokes, indicate that the same threat actor, dubbed Indra, is behind the attacks impacting Iran's infrastructure.

The new head of Israel's National Cyber Directorate has announced the nation intends to build a "Cyber-Dome" - a national defense system to fend off digital attacks. Gaby Portnoy, director general of INCD, revealed plans for Cyber-Dome on Tuesday, delivering his first public speech since his appointment to the role in February.

Microsoft on Thursday said it took steps to disable malicious activity stemming from abuse of OneDrive by a previously undocumented threat actor it tracks under the chemical element-themed moniker Polonium. In addition to removing the offending accounts created by the Lebanon-based activity group, the tech giant's Threat Intelligence Center said it suspended over 20 malicious OneDrive applications the group had created and notified affected organizations.

Pro-Beijing and pro-Tehran miscreants are using the war in Ukraine to spread disinformation that supports those countries' political interests, namely advancing anti-Western narratives, according to threat-intel experts at Mandiant. Mandiant also attributes these campaigns to actors that its researchers say are operating in support of nation-states including Russia, Belarus, China and Iran.

The Iran-linked Cobalt Mirage crew is running attacks against America for both financial gain and for cyber-espionage purposes, according to Secureworks' threat intelligence team. For the espionage strikes, Cobalt Mirage pulls off targeted intrusions to gain access and collect intelligence, though the snoops appear to be experimenting with ransomware here as well, the threat hunters wrote.

A team of Iranian cyber-spies dubbed Rocket Kitten, for one, is likely behind attempts to exploit a critical remote-code execution vulnerability in VMware's identity management software, according to endpoint security firm Morphisec. VMware patched its flawed software on April 6, and attackers were not far behind.