Iranian Hackers Exploiting Unpatched Log4j 2 Bugs to Target Israeli Organizations

Iranian state-sponsored actors are leaving no stone unturned to exploit unpatched systems running Log4j to target Israeli entities, indicating the vulnerability’s long tail for remediation. Microsoft attributed the latest set of activities to the umbrella threat group tracked as MuddyWater (aka Cobalt Ulster, Mercury, Seedworm, or Static Kitten), which is linked to the Iranian intelligence

Google Uncovers Tool Used by Iranian Hackers to Steal Data from Email Accounts

The Iranian government-backed actor known as Charming Kitten has added a new tool to its malware arsenal that allows it to retrieve user data from Gmail, Yahoo!, and Microsoft Outlook accounts. Dubbed HYPERSCRAPE by Google Threat Analysis Group (TAG), the actively in-development malicious software is said to have been used against less than two dozen accounts in Iran, with the oldest known

Suspected Iranian Hackers Targeted Several Israeli Organizations for Espionage

A suspected Iranian threat activity cluster has been linked to attacks aimed at Israeli shipping, government, energy, and healthcare organizations as part of an espionage-focused campaign that commenced in late 2020. Cybersecurity firm Mandiant is tracking the group under its uncategorized moniker UNC3890, which is believed to conduct operations that align with Iranian interests. "The collected

Iranian Hackers Likely Behind Disruptive Cyberattacks Against Albanian Government

A threat actor working to further Iranian goals is said to have been behind a set of damaging cyberattacks against Albanian government services in mid-July 2022. Cybersecurity firm Mandiant said the malicious activity against a NATO state represented a "geographic expansion of Iranian disruptive cyber operations." The July 17 attacks, according to Albania's National Agency of Information Society

State-Backed Hackers Targeting Journalists in Widespread Espionage Campaigns

Nation-state hacking groups aligned with China, Iran, North Korea, and Turkey have been targeting journalists to conduct espionage and spread malware as part of a series of campaigns since early 2021. "Most commonly, phishing attacks targeting journalists are used for espionage or to gain key insights into the inner workings of another government, company, or other area of state-designated

Who Are The Hackers Who Started A Fire In Iran?

Iranian Hackers Spotted Using a new DNS Hijacking Malware in Recent Attacks

The Iranian state-sponsored threat actor tracked under the moniker Lyceum has turned to using a new custom .NET-based backdoor in recent campaigns directed against the Middle East. "The new malware is a .NET based DNS Backdoor which is a customized version of the open source tool 'DIG.net,'" Zscaler ThreatLabz researchers Niraj Shivtarkar and Avinash Kumar said in a report published last week. "

Microsoft Seizes 41 Domains Tied To Iranian Phishing Ring

Iran, China-Linked Gangs Join Putin's Disinformation War Online

Iranian Hackers Leveraging BitLocker and DiskCryptor in Ransomware Attacks

A ransomware group with an Iranian operational connection has been linked to a string of file-encrypting malware attacks targeting organizations in Israel, the U.S., Europe, and Australia. Cybersecurity firm Secureworks attributed the intrusions to a threat actor it tracks under the moniker Cobalt Mirage, which it said is linked to an Iranian hacking crew dubbed Cobalt Illusion (aka APT35,