Security News

Iran-linked threat actors are targeting the Office 365 tenants of US and Israeli defense technology companies in extensive password spraying attacks. The activity cluster was temporarily dubbed DEV-0343 by researchers at Microsoft Threat Intelligence Center and Microsoft Digital Security Unit, who have tracked it since late July.

Security vendor FireEye says it has spotted a Chinese espionage group that successfully compromised targets within Israel, and that trying to make its efforts look like the work of Iranian actors is part of the group's modus operandi. A FireEye blog post states the Chinese activity has been ongoing since 2019, when a group it names "UNC215" used the Microsoft SharePoint vulnerability CVE-2019-0604 "To install web shells and FOCUSFJORD payloads at targets in the Middle East and Central Asia".

The Iran-linked hacking group named Charming Kitten has added a new Android backdoor to its arsenal and successfully compromised individuals associated with the Iranian reformist movement, according to security researchers with IBM's X-Force threat intelligence team. Last year, the group accidentally exposed approximately 40 GB of videos and other content associated with its operations, including training videos on how to exfiltrate data from online accounts, and clips detailing the successful compromise of certain targets.

Classified files apparently leaked from a cyber unit of the Iranian government show that Iran is looking to improve its offensive cyber capabilities, including for targeting industrial control systems. British news outlet Sky News managed to obtain five internal reports - all marked "Very confidential" - that seem to originate from the Islamic Revolutionary Guard Corps' Shahid Kaveh, a secret offensive cyber unit.

Western cybersecurity agencies have published a list of 30 of the most exploited vulnerabilities abused by hostile foreign states in 2020, urging infosec bods to ensure their networks and deployments are fully patched against them. Number one on the US, UK, and Australia's jointly published [PDF] list was the well-known Citrix arbitrary code execution vuln in Application Delivery Controller, aka Netscaler load-balancer.

The U.S. government on Tuesday attributed several past attacks involving industrial control systems to Russian, Chinese and Iranian state-sponsored threat actors. "CISA and the FBI assess that these actors were specifically targeting U.S. pipeline infrastructure for the purpose of holding U.S. pipeline infrastructure at risk. Additionally, CISA and the FBI assess that this activity was ultimately intended to help China develop cyberattack capabilities against U.S. pipelines to physically damage pipelines or disrupt pipeline operations," the agencies said.

The Department of Justice has seized the domains of 36 Iranian media sites that officials say weren't just operating in violation of sanctions, but were part of a widespread government-backed malign-influence operation targeting the U.S. The DoJ said that 33 of the sites are run by the Iranian Islamic Radio and Television Union, which is allegedly under the control of the sanctioned Islamic Revolutionary Guard Quds Force. Three additional sites taken down were allegedly controlled by Kata'ib Hizballah, which has been designated an Iraqi terrorist group by the U.S. government.

American authorities seized a range of Iran's state-linked news website domains they accused of spreading disinformation, the U.S. Justice Department said Tuesday, a move that appeared to be a far-reaching crackdown on Iranian media amid heightened tensions between the two countries. Relations between Iran and the U.S. have deteriorated for years following President Donald Trump's withdrawal from Tehran's nuclear deal and the return of devastating sanctions on the country.

Threat actors with suspected ties to Iran have been found to leverage instant messaging and VPN apps like Telegram and Psiphon to install a Windows remote access trojan capable of stealing sensitive information from targets' devices since at least 2015. Russian cybersecurity firm Kaspersky, which pieced together the activity, attributed the campaign to an advanced persistent threat group it tracks as Ferocious Kitten, a group that has singled out Persian-speaking individuals allegedly based in the country while successfully operating under the radar.

Israeli spy agencies accused Iran on Monday of using fake social media accounts to lure citizens of the Jewish state abroad "To harm or abduct them". The Israeli claim came hours after Iran accused its arch-enemy of orchestrating an attack on a key nuclear site and vowed "Revenge".