Security News

Iranian Government Hacking Android
2020-09-24 11:18

The New York Times wrote about a still-unreleased report from Check Point and the Miaan Group: The reports, which were reviewed by The New York Times in advance of their release, say that the...

U.S. Treasury Sanctions Hacking Group Backed by Iranian Intelligence
2020-09-20 23:10

The U.S. government on Thursday imposed sweeping sanctions against an Iranian threat actor backed by the country's Ministry of Intelligence and Security for carrying out malware campaigns targeting Iranian dissidents, journalists, and international companies in the telecom and travel sectors. According to the U.S. Treasury and the Federal Bureau of Investigation, the sanctions target Rana Intelligence Computing Company, which the agencies said operated as a front for the threat group APT39, an Iranian cyber espionage hacking collective active since 2014 and known for its attacks on companies in the U.S. and the Middle East with an aim to pilfer personal information and advance Iran's national security objectives.

Researchers Uncover 6-Year Cyber Espionage Campaign Targeting Iranian Dissidents
2020-09-19 04:24

Capping off a busy week of charges and sanctions against Iranian hackers, new research offers insight into a six-year-long ongoing surveillance campaign targeting Iranian expats and dissidents with an intention to pilfer sensitive information. The threat actor, suspected to be of Iranian origin, is said to have orchestrated the campaign with at least two different moving parts - one for Windows and the other for Android - using a wide arsenal of intrusion tools in the form of info stealers and backdoors designed to steal personal documents, passwords, Telegram messages, and two-factor authentication codes from SMS messages.

Hackers Collecting Intelligence on Potential Opponents to Iranian Regime
2020-09-18 20:15

These targets, together with WHOIS records suggesting that associated malicious websites had been registered by Iranian individuals, and the discovery of one registrant's email address linked to Iranian hacking forums, are enough for the Check Point researchers to conclude that Rampant Kitten is an Iranian group, which itself implies a link to the Iranian government. The attack vectors used in the campaign, which has largely remained under the radar for six years, include four variants of Windows infostealers; an Android backdoor used to steal 2FA codes from SMS messages and take voice recordings; and Telegram phishing pages distributed using fake Telegram service accounts.

U.S. Imposes Sanctions on 'APT39' Iranian Hackers
2020-09-18 12:49

The U.S. Department of the Treasury's Office of Foreign Assets Control on Thursday announced sanctions against Iran-based cyber threat actor APT39, associated individuals, and a front company named Rana Intelligence Computing Company. Last year, a series of documents supposedly leaked from the Iranian Ministry of Intelligence and Security revealed information on the activities of Rana, which was tracking individuals both in Iran and outside the country, and on its members.

2 Hackers Charged for Defacing Sites after U.S. Airstrike Killed Iranian General
2020-09-18 01:48

The US Department of Justice on Tuesday indicted two hackers for their alleged involvement in defacing several websites in the country following the assassination of Iranian major general Qasem Soleimani earlier this January. "The hackers victimized innocent third parties in a campaign to retaliate for the military action that killed Soleimani, a man behind countless acts of terror against Americans and others that the Iranian regime opposed," said Assistant Attorney General for National Security John C. Demers in a statement.

U.S. Charges Three Iranian Hackers for Attacks on Satellite Companies
2020-09-17 18:50

The U.S. Department of Justice on Thursday announced charges against three Iranian nationals believed to have stolen information related to the United States' aerospace and satellite technologies. Authorities say the hackers used social engineering to trick people working in the aerospace and satellite sectors into handing over information that they could later use to create fake email accounts and domains.

U.S. Charges Two State-Sponsored Iranian Hackers
2020-09-17 10:23

Two Iranian hackers were indicted in the United States for allegedly engaging in numerous cyberattacks, some of them conducted on behalf of the government of Iran, the U.S. Department of Justice announced on Wednesday. The two, Hooman Heidarian, 30, and Mehdi Farhadi, 34, both of Hamedan, Iran, were charged with conspiracy to commit fraud and wire fraud, unauthorized access to protected computers, unauthorized damage to protected computers, access device fraud, and aggravated identity theft.

U.S. Announces Charges Against 2 Russian and 2 Iranian Hackers
2020-09-17 05:01

Immediately after revealing criminal charges against 5 Chinese and 2 Malaysian hackers, the United States government yesterday also made two separate announcements charging two Iranian and two Russian hackers and added them to the FBI's most-wanted list. In addition to the criminal charges, the U.S. Department of the Treasury has also sanctioned both Russian hackers, freezing all their assets under U.S. jurisdiction and banning them from doing business with Americans.

CISA Shares Details on Web Shells Employed by Iranian Hackers
2020-09-16 11:02

The U.S. Cybersecurity and Infrastructure Security Agency this week released a malware analysis report detailing web shells employed by Iranian hackers. Web shells provide the hackers with the ability to execute code on the victim systems, enumerate directories, deploy additional payloads, steal data, and navigate the victim network.