22 matches found
AI SPERA Partners with Devcons to Expand ‘Criminal IP’ into the Middle Eastern Market
Torrance, United States / California, 8th July 2024, CyberNewsWire...
APT42 Hackers Pose as Journalists to Harvest Credentials and Access Cloud Data
The Iranian state-backed hacking outfit called APT42 is making use of enhanced social engineering schemes to infiltrate target networks and cloud environments. Targets of the attack include Western and Middle Eastern NGOs, media organizations, academia, legal services and activists, Google Cloud...
Mint Sandstorm’s Campaign Targets Researchers with Novel Backdoor
Summary: Mint Sandstorm, a threat actor, focuses on high-profile individuals involved in Middle Eastern affairs at universities and research organizations. The group utilizes phishing lures in a campaign to socially engineer targets, enticing them to download malicious files that deploy new...
Iranian Hackers Masquerade as Journalists to Spy on Israel-Hamas War Experts
High-profile individuals working on Middle Eastern affairs at universities and research organizations in Belgium, France, Gaza, Israel, the U.K., and the U.S. have been targeted by an Iranian cyber espionage group called Mind Sandstorm since November 2023. The threat actor "used bespoke phishing...
New TTPs observed in Mint Sandstorm campaign targeting high-profile individuals at universities and research orgs
Since November 2023, Microsoft has observed a distinct subset of Mint Sandstorm PHOSPHORUS targeting high-profile individuals working on Middle Eastern affairs at universities and research organizations in Belgium, France, Gaza, Israel, the United Kingdom, and the United States. In this campaign,...
Deadglyph Malware Emerges as a Game Changer for Stealth Falcon
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary The cyber espionage group Stealth Falcon commenced covert operations and employed advanced backdoor malware called "Deadglyph" primarily to infiltrate Middle Eastern government entities. To receive...
WINTAPIX Kernel Driver Targeting Middle Eastern Nations
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The WINTAPIX driver, protected by VMProtect, targets Saudi Arabia and other Gulf countries, possibly linked to Iranian threat actors exploiting Exchange servers for malware deployment. To receive real-ti...
Chinese Cyber Espionage Targets Middle Eastern Telecoms
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Chinese cyber espionage actors, Gallium and APT41, linked to Operation Soft Cell campaign, are targeting Middle Eastern telecommunications sector. To receive real-time threat advisories, please follow...
WIP26 attacks Middle Eastern telecom service providers
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary The newly discovered WIP26 threat cluster is an espionage-focused group that has been concentrating on infiltrating Middle Eastern telecom companies. To evade detection, the group heavily relies on public...
Experts Warn of New RatMilad Android Spyware Targeting Enterprise Devices
A novel Android malware called RatMilad has been observed targeting a Middle Eastern enterprise mobile device by concealing itself as a VPN and phone number spoofing app. The mobile trojan functions as advanced spyware with capabilities that receives and executes commands to collect and exfiltrat...
MERCURY leveraging Log4j 2 vulnerabilities in unpatched systems to target Israeli organizations
In recent weeks, the Microsoft Threat Intelligence Center MSTIC and Microsoft 365 Defender Research Team detected Iran-based threat actor MERCURY leveraging exploitation of Log4j 2 vulnerabilities in SysAid applications against organizations all located in Israel. MSTIC assesses with high...
MERCURY leveraging Log4j 2 vulnerabilities in unpatched systems to target Israeli organizations
In recent weeks, the Microsoft Threat Intelligence Center MSTIC and Microsoft 365 Defender Research Team detected Iran-based threat actor MERCURY leveraging exploitation of Log4j 2 vulnerabilities in SysAid applications against organizations all located in Israel. MSTIC assesses with high...
OilRig is back with another Phishing Email attack, delivering the Saitama Backdoor
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here An Iranian cyber espionage gang known as OilRig has began delivering malicious email to a Jordanian government employee at the foreign ministry. The email includes a malicious Excel sheet that installs the Saitama backdoor...
Iranian state-sponsored APT group MuddyWater targeting organizations via malicious executables
THREAT LEVEL: Red. United States Cyber Command USCYBERCOM has warned of an ongoing cyber attack by Iranian state sponsored actor named as MuddyWater. This APT group is currently targeting Middle Eastern countries and has also targeted European and North American nations. The Iranian-backed...
Stealthy ‘WIRTE’ Gang Targets Middle Eastern Governments
A threat actor tracked as WIRTE has been assaulting Middle East governments since at least 2019 using “living-off-the-land” techniques and malicious Excel 4.0 macros. On Monday, Kaspersky reported that it observed the group in February using Microsoft Excel droppers, which planted hidden...
‘Charming Kitten’ APT Siphons Intel From Mid-East Scholars
An Iran-linked advanced persistent threat APT group has taken a scholarly bent with its latest phishing campaign, which involves lengthy chats with professors, think tank higher-ups and journalists focused on Middle Eastern affairs. The threat actor is Charming Kitten – aka a number of names,...
JhoneRAT: Cloud based python RAT targeting Middle Eastern countries
By Warren Mercer, Paul Rascagneres and Vitor Ventura with contributions from Eric Kuhla. Updated January 17th: the documents do not exploit the CVE-2017-0199 vulnerability. Executive Summary Today, Cisco Talos is unveiling the details of a new RAT we have identified we're calling "JhoneRAT." This...
DarkHydrus Phishery tool spreading malware using Google Drive
By Waqas DarkHydrus is back in action with a new variant of RogueRobin malware to target Middle Eastern Politicians by abusing Google Drive. The primary focus of cybercriminals nowadays is to use the infrastructure of genuine services in their attacks in order to prevent detection from security...
A Zebrocy Go Downloader
Last year at SAS2018 in Cancun, Mexico, "Masha and these Bears" included discussion of a subset of Sofacy activity and malware that we call "Zebrocy", and predictions for the decline of SPLM/XAgent Sofacy activity coinciding with the acceleration of Zebrocy activity and innovation. Zebrocy was...
Insights into Iranian Cyber Espionage: APT33 Targets Aerospace and Energy Sectors and has Ties to Destructive Malware
When discussing suspected Middle Eastern hacker groups with destructive capabilities, many automatically think of the suspected Iranian group that previously used SHAMOON – aka Disttrack – to target organizations in the Persian Gulf. However, over the past few years, we have been tracking a...