Attacks by Iranian and Hezbollah hackers shape narrative on Israel and Hamas

Iran and Hezbollah Hackers

Hackers backed by Iran and Hezbollah launched cyber attacks aimed at undermining public support for a post-October 2023 Israel-Hamas war.

This includes destructive attacks against major Israeli organizations, hacking and leak operations targeting Israeli and U.S. entities, phishing campaigns aimed at stealing intelligence, and information operations aimed at turning public opinion against Israel.

Google said in a new report that Iran accounted for nearly 80% of all government-backed phishing campaigns targeting Israel in the six months before the Oct. 7 attack.

“Hacking and leaking and information operations remain a critical component of the efforts of these and related threat actors throughout the war to communicate intentions and capabilities to their adversaries and other audiences they seek to influence,” the tech giant said.

But another noteworthy aspect of the Israel-Hamas conflict is that cyber operations appear to be executed independently of dynamic and battlefield operations, unlike what was observed in the Russia-Ukraine war.

The company added that this cyber capability can be rapidly deployed at low cost to engage regional rivals without the need for direct military confrontation.

One of the Iran-linked groups, GREATRIFT (also known as UNC4453 or Plaid Rain), is said to be distributing malware through fake “missing persons” websites, targeting visitors seeking the latest information on abducted Israelis. Threat actors are also using blood donation-themed decoy documents as a distribution medium.

Internet security

At least two hacker actors named Karma and Handala Hack have launched destructive attacks against Israel using wiper malware strains such as BiBi-Windows Wiper, BiBi-Linux Wiper, ChiLLWIPE and COOLWIPE from Windows and Linux systems respectively. Delete Files.

Another Iranian nation-state hacker group called Charming Kitten (aka APT42 or CALANQUE) exploited a PowerShell backdoor called POWERPUG to target media and non-governmental organizations (NGOs), as observed in late October and November 2023 as part of a phishing campaign.

POWERPUG is also the latest in a long list of backdoors from its adversaries, including PowerLess, BellaCiao, POWERSTAR (aka GorjolEcho), NokNok, and BASICSTAR.

On the other hand, Hamas-affiliated groups used coded distribution lures targeting Israeli software engineers in an attempt to trick them into downloading the SysJoker malware in the weeks leading up to the October 7 attacks. The campaign has been attributed to a threat actor known as BLACKATOM.

“The attacker […] Google said it “posed as an employee of a legitimate company and contacted targets via LinkedIn, inviting them to apply for software development freelance opportunities. Targets included software engineers in the Israeli military and the Israeli aerospace and defense industry.”

The tech giant described the tactics employed by Hamas cyber actors as simple yet effective, noting that they use social engineering to deliver remote access trojans and backdoors (such as MAGNIFI) to Palestinian and Israeli users, which is consistent with Related to BLACKSTEM (aka Molerats).

Another dimension of these campaigns is the use of spyware that targets Android phones, which can collect sensitive information and exfiltrate it into attacker-controlled infrastructure.

The malware strains, named MOAAZDROID and LOVELYDROID, are the work of the Hamas-affiliated group DESERTVARNISH, also tracked as Arid Viper, Desert Falcons, Renegade Jackal, and UNC718. Cisco Talos recorded details about the spyware in October 2023.

據觀察,來自伊朗的國家資助組織,如MYSTICDOME(又稱UNC1530),也被發現使用MYTHDROID(又稱AhMyth)Android 遠端存取木馬以及用於情報收集的客製化間諜軟體SOLODROID 來針對以色列的mobile device.

Google said: “MYSTICDOME used the Firebase project to distribute SOLODROID, 302 redirecting users to the Play Store and prompting them to install spyware.” The company has since removed the apps from the digital market.

Google further highlighted an Android malware called REDRUSE, a Trojanized version of the legitimate Red Alert app used in Israel to warn of impending rocket attacks, that leaks contacts, messaging data and locations. It was spread via SMS phishing messages impersonating police officers.

The ongoing war has also had an impact on Iran, whose critical infrastructure was damaged in December 2023 by an actor named Gonjeshke Darande (meaning “predatory sparrow” in Persian). The figure is believed to be linked to Israel’s military intelligence service.

Microsoft revealed that actors aligned with the Iranian government “launched a series of cyberattacks and influence operations (IOs) designed to help Hamas launch and undermine Israel and its political allies and business partners.”

Redmond described their early cyber and influence operations as reactive and opportunistic, while also confirming Google’s assessment that since the war broke out, attacks have become “increasingly targeted and destructive,” the message said. War activities are becoming increasingly complex and unrealistic.”

Internet security

Microsoft said that in addition to ramping up its attacks and expanding their focus beyond Israel, including Albania, Bahrain and the United States, which Iran considers to be aiding Israel, it has observed Pink Sand Storm, also known as Agrius, and the Hezbollah cyber group. and other organizations with ties to Iran. unit.

“Collaboration lowers the barrier to entry, allows each team to contribute existing capabilities, and eliminates the need for a single team to develop a full suite of tools or technologies,” said Clint Watts, general manager of the Microsoft Threat Analysis Center (MTAC). .

Last week, NBC News reported that the United States had recently launched a cyber attack on an Iranian warship called the MV Behshad, which had been collecting intelligence on cargo ships in the Red Sea and Gulf of Aden.

An analysis by Recorded Future last month detailed how Iran’s hacking actors and front companies are managed and operated through various contracting companies in Iran that conduct intelligence collection and information operations to “foment destabilization in target countries.” .

“While Iranian groups rushed to conduct or outright fabricate operations early in the war, Iranian groups have recently slowed their operations, giving them more time to gain the access they need or conduct more sophisticated influence operations,” Microsoft concluded.

Did you find this article interesting?follow us Twitter and LinkedIn to read more exclusive content from us.



Source link



from Tech Empire Solutions https://techempiresolutions.com/attacks-by-iranian-and-hezbollah-hackers-shape-narrative-on-israel-and-hamas/
via https://techempiresolutions.com/

from Tech Empire Solutions https://techempiresolutions.blogspot.com/2024/02/attacks-by-iranian-and-hezbollah.html
via https://techempiresolutions.com/

Comments

Post a Comment

Popular posts from this blog

Perfecta grill uses AI to help cook steaks in 90 seconds

Image
CES is increasingly becoming a barbecue show, and companies are constantly looking for ways to bring more technology to your deck or patio. One company adding artificial intelligence technology to its spice racks is Seergerills, a British startup made up of engineers and product developers. Its flagship model, the Perfecta, can cook a one-inch-thick rib-eye steak in 90 seconds. Overall, the company says the grill looks more like a see-through countertop oven and cooks food about 10 times faster than traditional cooking methods. Inside, dual vertical infrared burners cook both sides simultaneously, which not only speeds up the process but also eliminates the need for flipping. Seergerills says the burner has a maximum temperature of 1,652 degrees Fahrenheit, and the unit even ensures crisp edges thanks to 360-degree heating. The built-in artificial intelligence chef calculates the appropriate cooking time and temperature based on the food, taking into account the desired degree of done
Read more

John Wick heads to Vegas to visit interactive attractions

Image
image: Lionsgate If you’ve ever wanted to fully immerse yourself in John Wick , Lionsgate has got you covered. Later this year, action series is becoming “immersive and interactive” tourist attractions In Las Vegas. Grace Byers on horror and comedy in ‘The Dark’ According to the press release, John Wick Experience Produced in collaboration with series director Chad Stahelski and his production company 87Eleven. The 12,000-square-foot exhibit at the city’s AREA15 campus lets visitors “experience high-stakes adventures and visit themed bars and retail stores open to the public.” Guests will be given specific tasks involving characters and images from the film. They’ll also rub shoulders with Continental employees, crime bosses, and other assassins who (presumably) don’t come into contact with Wick’s bad side at any point in the movie, all in an effort to gain access to private Continental areas and learn about the interesting secret. Jenefer Brown, exec
Read more

Ford prepares for next war, Waymo recalls its self-driving car software, another self-driving startup lays off employees

Image
TechCrunch Mobility is a weekly newsletter dedicated to all things transportation. Sign up here – just click TechCrunch Mobility – and get the newsletter in your inbox every weekend. Subscription is free. welcome back TechCrunch Mobile — A central hub for news and insights about the future of transportation.This week’s news includes BMW Security breach exposes sensitive information, federal agencies fight back against Tesla super bowl ad and a new federal investigation Fisker . But first, I want to talk about my recent visit to the law, where I met some people Ford Executives understand their priorities for 2024 and beyond. It can be said with certainty Chinese electric vehicle manufacturer and Tesla is the most important; in the view of Ford executives, low-cost electric vehicles and cutting-edge software are the best ways to stop these threats. The company’s recently revealed Skunk Works project for electric vehicles is tasked with this task. Ford Chief Financial Officer J
Read more