8 matches found
U.S. Treasury Sanctions Iranian Firms and Individuals Tied to Cyber Attacks
The U.S. Treasury Department's Office of Foreign Assets Control OFAC on Monday sanctioned two firms and four individuals for their involvement in malicious cyber activities on behalf of the Iranian Islamic Revolutionary Guard Corps Cyber Electronic Command IRGC-CEC from at least 2016 to April 202...
Iranian hackers soar into the defense sectors of the Middle East
Summary: Since June 2022, the hacking group UNC1549, potentially connected to Tortoiseshell aka Imperial Kitten and linked with the Iranian IRGC, has implemented distinct backdoors known as MiniBike and MiniBus. Their primary focus lies in targeting defense-related entities in the Middle East...
Iranian Group Tortoiseshell Launches New Wave of IMAPLoader Malware Attacks
The Iranian threat actor known as Tortoiseshell has been attributed to a new wave of watering hole attacks that are designed to deploy a malware dubbed IMAPLoader. "IMAPLoader is a .NET malware that has the ability to fingerprint victim systems using native Windows utilities and acts as a...
Iranian Tortoiseshell Hackers Targeting Israeli Logistics Industry
At least eight websites associated with shipping, logistics, and financial services companies in Israel were targeted as part of a watering hole attack. Tel Aviv-based cybersecurity company ClearSky attributed the attacks with low confidence to an Iranian threat actor tracked as Tortoiseshell,...
Hackers Posed as Aerobics Instructors for Years to Target Aerospace Employees
An Iranian cyberespionage group masqueraded as an aerobics instructor on Facebook in an attempt to infect the machine of an employee of an aerospace defense contractor with malware as part of a years-long social engineering and targeted malware campaign. Enterprise security firm Proofpoint...
How Tortoiseshell created a fake veteran hiring website to host malware
By Warren Mercer and Paul Rascagneres with contributions from Jungsoo An. Introduction Cisco Talos recently discovered a threat actor attempting to take advantage of Americans who may be seeking a job, especially military veterans. The actor, previously identified by Symantec as Tortoiseshell,...
News Wrap: GandCrab Operators Resurface, Utilities Firms Hit By LookBack Malware
On this week’s news wrap podcast, Threatpost editors Tara Seals and Lindsey O’Donnell break down the top news, including: Despite claiming they were retiring, GandCrab’s authors have been linked to the REvil/Sodinokibi ransomware via a technical analysis. A spearphishing campaign, first spotted i...
Cybercrooks Target U.S. Veterans with Fake Hiring Website
Researchers are warning that a fake website – purporting to help U.S. military veterans search for jobs — actually links to installers that download malware onto victims’ systems. The website spoofs a legitimate website for U.S. military veterans offered by the U.S. Chamber of Commerce...