Security News

New Iranian Group 'Agrius' Launches Destructive Cyberattacks on Israeli Targets
2021-05-27 08:32

Over the past year, an Iran-linked threat actor named Agrius has been observed launching destructive attacks on Israeli targets under the guise of ransomware attacks, according to endpoint security company SentinelOne. Likely state-sponsored, the threat group initially engaged in cyberespionage attacks, but then attempted to extort victims, claiming to have exfiltrated and encrypted data.

Data Wiper Malware Disguised As Ransomware Targets Israeli Entities
2021-05-26 08:30

Researchers on Tuesday disclosed a new espionage campaign that, since at least December 2020, has resorted to destructive data-wiping attacks against Israeli entities while camouflaging the malicious activity as ransomware extortion. "An analysis of what at first sight appeared to be a ransomware attack revealed new variants of wipers that were deployed in a set of destructive attacks against Israeli targets," the researchers said.

Threat Actor ‘Agrius’ Emerges to Launch Wiper Attacks Against Israeli Targets
2021-05-25 20:26

A new attack group called Agrius is launching damaging wiper attacks against Israeli targets, which researchers said are hiding behind ransomware to make their state-sponsored activities appear financially motivated. Researchers added that the wiper attacks were conducted using a secondary malware called "Deadwood", which Sentinel Labs said has "unconfirmed links to an Iranian threat group."

Iran Used Fake Instagram Accounts to Try to Nab Israelis: Spy Agencies
2021-04-12 17:33

Israeli spy agencies accused Iran on Monday of using fake social media accounts to lure citizens of the Jewish state abroad "to harm or abduct them". The Israeli claim came hours after Iran accused its arch-enemy of orchestrating an attack on a key nuclear site and vowed "revenge".

Iranian Hackers Target Israeli Companies With Pay2Key Ransomware
2020-12-21 04:52

Attacks conducted by Iranian hackers against Israeli companies involved the deployment of ransomware and theft of information, threat intelligence company ClearSky reported last week. A new series of attacks targeting industrial, insurance and logistics companies in Israel appears to be the work of Fox Kitten, ClearSky noted in a new report.

Iranian Hackers Access Unprotected ICS at Israeli Water Facility
2020-12-04 15:42

A group of Iranian hackers recently posted a video showing how they managed to access an industrial control system at a water facility in Israel. "This gave the attackers easy access to the system and the ability to modify any value in the system, allowing them, for example, to tamper with the water pressure, change the temperature and more. All the adversaries needed was a connection to the world-wide-web, and a web browser," OTORIO said in a blog post.

BlackShadow hackers extort Israeli insurance company for $1 million
2020-12-04 02:02

Threat actors are extorting an Israeli insurance company by demanding almost $1 million in bitcoin to stop leaking the company's stolen data. On Monday, a cybercrime group calling themselves 'BlackShadow' tweeted that they hacked into the Israeli Shirbit insurance company and stole files during the attack.

Israeli spyware maker NSO channels Hollywood spy thrillers in appeal for legal immunity in WhatsApp battle
2020-11-17 23:22

Israeli spyware maker NSO Group has taken a leaf out of Hollywood in an attempt to avoid any legal repercussions from making and selling tools that hack WhatsApp users' phones. When NSO failed to turn up in court in the US state, Facebook claimed victory; and NSO accused it of lying and having failed to serve the legal documents.

Chrome extensions are 'the new rootkit' say researchers linking surveillance campaign to Israeli registrar Galcomm
2020-06-18 15:15

Researchers at Awake Security have published a report on malicious extensions in the Chrome web store, making both specific claims of over 32 million downloads of one malware family, and general claims of weak security in both domain registration and Google's store. This led them to a bunch of malicious browser extensions, 111 in total, which "were found to upload sensitive data or not perform the task they're advertised to perform." A common technique, they said, is that the developer gets a clean version of an extension approved, and later updates it with the malicious payload. Some of the suspicious extensions have a reassuring number of reviews and downloads, in one case more than 22,000 reviews and 10 million downloads, presumably achieved by bot activity. Another popular approach is to clone a genuine extension and bundle it with malware. "Awake has since worked with Google to take down these extensions from the Chrome Web Store," said the report, but no doubt more are on the way.

Israeli Cyber Chief: Major Attack on Water Systems Thwarted
2020-05-28 11:02

Israel's national cyber chief Thursday officially acknowledged the country had thwarted a major cyber attack last month against its water systems, an assault widely attributed to arch-enemy Iran, calling it a "synchronized and organized attack" aimed at disrupting key national infrastructure. Had Israel's National Cyber Directorate not detected the attack in real time, he said, chlorine or other chemicals could have been mixed into the water source in the wrong proportions and resulted in a "harmful and disastrous" outcome.