Security News
Immediately after revealing criminal charges against 5 Chinese and 2 Malaysian hackers, the United States government yesterday also made two separate announcements charging two Iranian and two Russian hackers and added them to the FBI's most-wanted list. In addition to the criminal charges, the U.S. Department of the Treasury has also sanctioned both Russian hackers, freezing all their assets under U.S. jurisdiction and banning them from doing business with Americans.
The U.S. Cybersecurity and Infrastructure Security Agency this week released a malware analysis report detailing web shells employed by Iranian hackers. Web shells provide the hackers with the ability to execute code on the victim systems, enumerate directories, deploy additional payloads, steal data, and navigate the victim network.
A hacking group believed to be linked to the Iranian government was observed targeting a critical vulnerability that F5 Networks addressed in its BIG-IP application delivery controller in early July. Tracked as CVE-2020-5902 and featuring a CVSS score of 10, the vulnerability allows remote attackers to take complete control of a targeted system.
The hackers used a personalized URL, tailored to the victim's email address, to trick them into accessing the malicious link, and also attempted to send a malicious ZIP file to the victim. "Clearsky alerted 'Deutsche Welle' about the impersonation and the watering hole in their website. A 'Deutsche Welle' representative confirmed that the reporter which Charming Kitten impersonated, did not send any emails to the victim nor any other academic researcher in Israel in the past few weeks," the security firm says.
An Iranian cyberespionage group known for targeting government, defense technology, military, and diplomacy sectors is now impersonating journalists to approach targets via LinkedIn and WhatsApp and infect their devices with malware. Detailing the new tactics of the "Charming Kitten" APT group, Israeli firm Clearsky said, "Starting July 2020, we have identified a new TTP of the group, impersonating 'Deutsche Welle' and the 'Jewish Journal' using emails alongside WhatsApp messages as their main platform to approach the target and convince them to open a malicious link."
An Iranian cyberespionage group known for targeting government, defense technology, military, and diplomacy sectors is now impersonating journalists to approach targets via LinkedIn and WhatsApp and infect their devices with malware. Detailing the new tactics of the "Charming Kitten" APT group, Israeli firm Clearsky said, "Starting July 2020, we have identified a new TTP of the group, impersonating 'Deutsche Welle' and the 'Jewish Journal' using emails alongside WhatsApp messages as their main platform to approach the target and convince them to open a malicious link."
Recent Dharma ransomware attacks show that more Iranian hackers have started to engage in financially-motivated operations, threat hunting firm Group-IB reports. In a report published on Monday, Group-IB revealed that Dharma ransomware attacks observed in June this year were the work of a newly discovered Iranian hacker group, and that organizations in China, India, Japan, and Russia were targeted.
The crew at IBM X-Force has uncovered a massive cache of files, including about five hours of training videos intended for a select crew of hackers in Iran known as ITG18. Big Blue said the videos range from two minutes to two hours and mainly cover techniques for compromising popular webmail services.
Some of the victims in the videos included personal accounts of U.S. and Greek Navy personnel, in addition to unsuccessful phishing attempts directed against U.S. state department officials and an unnamed Iranian-American philanthropist. "Some of the videos showed the operator managing adversary-created accounts while others showed the operator testing access and exfiltrating data from previously compromised accounts," the researchers said.
Some of the victims in the videos included personal accounts of U.S. and Greek Navy personnel, in addition to unsuccessful phishing attempts directed against U.S. state department officials and an unnamed Iranian-American philanthropist. "Some of the videos showed the operator managing adversary-created accounts while others showed the operator testing access and exfiltrating data from previously compromised accounts," the researchers said.