Security News

Uncle Sam reveals it sent cyber-soldiers to Albania to hunt for Iranian threats
2023-03-24 01:05

US Cyber Command operators have confirmed they carried out an online defensive mission in Albania, in response to last year's cyber attacks against the local government. Over the course of the three-month deployment, Cyber National Mission Force troops worked with their Albanian counterparts to hunt for cyber threats and identify vulnerabilities on networks in the NATO country.

Iranian Hackers Target Women Involved in Human Rights and Middle East Politics
2023-03-09 12:20

"Notably the targets in this instance were all women who are actively involved in political affairs and human rights in the Middle East region," Secureworks Counter Threat Unit said in a report shared with The Hacker News. Another bespoke malware linked to the group is a C++-based Telegram "Grabber" tool that facilitates data harvesting on a large scale from Telegram accounts after obtaining the target's credentials.

Microsoft: Iranian Nation-State Group Sanctioned by U.S. Behind Charlie Hebdo Hack
2023-02-06 12:09

An Iranian nation-state group sanctioned by the U.S. government has been linked to the hack of the French satirical magazine Charlie Hebdo in early January 2023. Two Iranian nationals have been accused over their role in the disinformation and threat campaign.

Iranian OilRig Hackers Using New Backdoor to Exfiltrate Data from Govt. Organizations
2023-02-03 12:12

The Iranian nation-state hacking group known as OilRig has continued to target government organizations in the Middle East as part of a cyber espionage campaign that leverages a new backdoor to exfiltrate data. "The campaign abuses legitimate but compromised email accounts to send stolen data to external mail accounts controlled by the attackers," Trend Micro researchers Mohamed Fahmy, Sherif Magdy, and Mahmoud Zohdy said.

British Cyber Agency Warns of Russian and Iranian Hackers Targeting Key Industries
2023-01-27 10:37

The U.K. National Cyber Security Centre on Thursday warned of spear-phishing attacks mounted by Russian and Iranian state-sponsored actors for information-gathering operations. The activity is typical of spear-phishing campaigns, where the threat actors send messages tailored to the targets, while also taking enough time to research their interests and identify their social and professional circles.

UK warns of increased attacks from Russian, Iranian hackers
2023-01-26 17:19

The U.K. National Cyber Security Centre has issued a warning of Russian and Iranian state-sponsored hackers increasingly targeting organizations and individuals. More specifically, the country's cybersecurity agency has identified a spike in spear-phishing attacks attributed to threat actors tracked as SEABORGIUM and TA453.

Iranian Government Entities Under Attack by New Wave of BackdoorDiplomacy Attacks
2023-01-18 11:05

The threat actor known as BackdoorDiplomacy has been linked to a new wave of attacks targeting Iranian government entities between July and late December 2022. Palo Alto Networks Unit 42, which is tracking the activity under its constellation-themed moniker Playful Taurus, said it observed the government domains attempting to connect to malware infrastructure previously identified as associated with the adversary.

Cybersecurity in 2023: Russian escalation, Chinese espionage, Iranian “hacktivism”
2023-01-18 05:30

Groups tied to the Russian intelligence services will also continue to target geographic neighbors with disinformation campaigns, intelligence gathering, and possibly low-level disruptive attacks. Traditional espionage targets will continue to be a focus; for example, we saw evidence in August 2022 of Russian intelligence services using spear-phishing emails to target staff at the Argonne and Brookhaven national laboratories in the US, which conduct cutting-edge energy research.

Iranian state-aligned threat actor targets new victims in cyberespionage and kinetic campaigns
2022-12-14 17:13

The threat actor targets high-profile and high-security accounts for cyberespionage purposes. Their favorite method to approach and attack their targets consists of using web beacons in emails before eventually attempting to harvest the target's credentials.

Iranian Hackers Strike Diamond Industry with Data-Wiping Malware in Supply-Chain Attack
2022-12-08 07:56

An Iranian advanced persistent threat actor known as Agrius has been identified as being behind a set of data wiper attacks aimed at diamond industries in South Africa, Israel, and Hong Kong. The wiper, codenamed Fantasy by ESET, is believed to have been delivered via a supply chain attack targeting an Israeli software suite developer as part of a campaign that began in February 2022.