Iran suspected behind cyberattack on Mideast aerospace, telecom firms | #government | #hacking | #cyberattack


Security researchers on Wednesday published a report tying cyberattacks on a number of aerospace and telecommunications companies, mainly in the Middle East, to Iranian state-sponsored groups.

MalKamak, a cyberespionage group believed to be tied to other known Iranian government-sponsored groups such as Chafer APT (also known as APT39 or Remix Kitten), was responsible for the recent hack attack, US-Israeli cybersecurity firm Cybereason reported.

The company did not name specific victims, but said they mainly included a “select few” companies in the Middle East, with others in the US, Europe and Russia. Though Israel was not mentioned, Israel’s Channel 12 news reported that Israeli companies were among the list of targets in the Middle East, without providing a source or details.

According to Cybereason, the end goal of the hack was the theft of information about their infrastructure, technology, and critical assets.

The Iranian group used a remote access Trojan called ShellClient, which had been in use since at least 2018, to obtain information from the companies. Cybereason said the threat was still active as of September.

The Trojan itself is controlled via the Dropbox file-sharing platform, which apparently made it difficult to detect.

Dropbox is a web-based file hosting service. (sematadesign/iStock Photo by Getty Images)

Commands are sent to the Trojan, which is disguised as a legitimate Microsoft program, to first set it up and identify system information and what antivirus software is installed.

Then, still using Dropbox, the hackers send another set of commands to change the Trojan into a persistent program on the victim’s computer, with administrator privileges.

Cybereason said its team compared its observations with previous campaigns that were attributed to known Iranian actors, “and was able to point out some interesting similarities between ShellClient and previously reported Iranian malware and threat actors.”

Numerous suspected Iranian cyberattacks on Israel were reported in recent years, including one that targeted its water infrastructure in 2020.

Israel and Iran have been engaged in a years-long shadow war, with Israel allegedly directing most of its efforts – including multiple suspected cyberattacks — at sabotaging the Islamic Republic’s nuclear program.


Learn Hebrew in a fun, unique way

You get Israel news… but do you GET it? Here’s your chance to understand not only the big picture that we cover on these pages, but also the critical, juicy details of life in Israel.

In Streetwise Hebrew for the Times of Israel Community, each month we’ll learn several colloquial Hebrew phrases around a common theme. These are bite-size audio Hebrew classes that we think you’ll really enjoy.


Learn more


Learn more

Already a member? Sign in to stop seeing this


You’re serious. We appreciate that!


We’re really pleased that you’ve read X Times of Israel articles in the past month.

That’s why we come to work every day – to provide discerning readers like you with must-read coverage of Israel and the Jewish world.

So now we have a request. Unlike other news outlets, we haven’t put up a paywall. But as the journalism we do is costly, we invite readers for whom The Times of Israel has become important to help support our work by joining The Times of Israel Community.

For as little as $6 a month you can help support our quality journalism while enjoying The Times of Israel AD-FREE, as well as accessing exclusive content available only to Times of Israel Community members.


Join Our Community


Join Our Community

Already a member? Sign in to stop seeing this

FB.Event.subscribe('comment.create', function (response) { comment_counter++; if(comment_counter == 2){ jQuery.ajax({ type: "POST", url: "/wp-content/themes/rgb/functions/facebook.php", data: { p: "2627439", c: response.commentID, a: "add" } }); comment_counter = 0; } }); FB.Event.subscribe('comment.remove', function (response) { jQuery.ajax({ type: "POST", url: "/wp-content/themes/rgb/functions/facebook.php", data: { p: "2627439", c: response.commentID, a: "rem" } }); });

}; (function(d, s, id){ var js, fjs = d.getElementsByTagName(s)[0]; if (d.getElementById(id)) {return;} js = d.createElement(s); js.id = id; js.src = "https://connect.facebook.net/en_US/sdk.js"; fjs.parentNode.insertBefore(js, fjs); }(document, 'script', 'facebook-jssdk'));



Original Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

ninety − = eighty seven