Skip to main content

REVENGE ❓. Iranian Hackers, APT Group Targets Governments.

Cybersecurity researchers shed light on an Iranian cyber espionage campaign directed against critical infrastructures in Kuwait and Saudi Arabia.
Bitdefender said the intelligence-gathering operations were conducted by Chafer APT (also known as APT39 or Remix Kitten), a threat actor known for its attacks on telecommunication and travel industries in the Middle East to collect personal information that serves the country's geopolitical interests.
"Victims of the analyzed campaigns fit into the pattern preferred by this actor, such as air transport and government sectors in the Middle East," the researchers said in a report (PDF) shared, adding at least one of the attacks went undiscovered for more than a year and a half since 2018.
"The campaigns were based on several tools, including 'living off the land' tools, which makes attribution difficult, as well as different hacking tools and a custom-built backdoor."

 
Known to be active since 2014, the Chafer APT has previously taken aim at Turkish government organizations and foreign diplomatic entities based in Iran with the goal of exfiltrating sensitive data.
A FireEye report last year added to growing evidence of Chafer's focus on telecommunications and travel industries. "Telecommunications firms are attractive targets given that they store large amounts of personal and customer information, provide access to critical infrastructure used for communications, and enable access to a wide range of potential targets across multiple verticals," the company said.
APT39 compromises its targets via spear-phishing emails with malicious attachments and using a variety of backdoor tools to gain a foothold, elevate their privileges, conduct internal reconnaissance, and establish persistence in the victim environment.
What makes the Kuwait attack more elaborate, according to Bitdefender, is their ability to create a user account on the victims' machine and perform malicious actions inside the network, including network scanning (CrackMapExec), credential harvesting (Mimikatz), and move laterally inside the networks using a wide arsenal of tools at their disposal.
Most activity occurs on Friday and Saturday, coinciding with the weekend in the Middle East, the researchers said.
The attack against a Saudi Arabian entity, on the other hand, involved the use of social engineering to trick the victim into running a remote administration tool (RAT), with some of its components sharing similarities with those used against Kuwait and Turkey.

 
"While this attack was not as extensive as the one in Kuwait, some forensic evidence suggests that the same attackers might have orchestrated it," the researchers said. "Despite the evidence for network discovery, we were not able to find any traces for lateral movement, most probably because threat actors were not able to find any vulnerable machines."
The attacks against Kuwait and Saudi Arabia are a reminder that Iran's cyber espionage efforts have shown no sign of slowing down. Given the crucial nature of the industries involved, Chafer's actions continue the trend of striking countries that act against its national ambitions.
"While these two are the most recent attack examples happening in the Middle East, it is important to understand that this type of attack can happen anywhere in the world, and critical infrastructures like government and air transportation remain very sensitive targets," Bitdefender said.

THN

#osutayusuf

Comments

Popular posts from this blog

UGANDA ELECTORAL COMMISSION TO ELIMINATE NATIONAL IDENTIFICATION CARDS (IDs) FOR 2021 GENERAL ELECTIONS.

The elimination of using National IDs (Ndagamuntu) for the 2021 elections should not have come as a surprise. One would be very NAIVE to think that Bobi Wine has not prepared for this in his Business Plan under the RISK section. It is public knowledge that our EC is not independent.  It is also public knowledge that Military Dictator Yoweri Museveni will never lose an election. What stunned us this morning is when we noticed that on social media, people were mocking Bobi with his "get your Ndagamuntu".  We are on record for saying to all Our readers that the National ID is like Apartheid in South Africa. Students of History would know how those IDs were being used to arrest people, deny them jobs, deny them basic services. Consequently, Bobi was not wrong and will never be wrong on the Ndagamuntu. Except the ones attacking him and mocking him forget that in Uganda, now, no National ID (Ndagamuntu), no service.  If you have not been denied registering your child i...

Here is Why Our Utterances For Praying Jesus And God To Come Liberate Ugandans, May Be Misplaced. This Phrase is like inform of a Letter To Some Categorized Section Of Ugandans.

https://m.facebook.com/yusufosuta/photos/a.1896701010557789/2070383359856219/?type=3 OPEN LETTER TO NRM SUPPORTERS - NATIONAL ROBBERS MOVEMENT. .................................................................................. Last week of March, a friend told me to pray for Uganda.  I told him that he was an Idiot and we have prayed for too long and we are still hungry and sick and Jesus is not coming soon to liberate us. He then ignored the STUPID and sent me a picture we all now know.  It got me totally messed up.  This guy was telling me to pray then sends a picture of men bowing down in blood.  He might have meant guns but I blocked him because his utterances of praying for Uganda were misplaced. I unblocked him 3 weeks later and asked him about praying and assassinations.  His reply "eithrr prayers or guns or both". I hate violence with a passion.  So he is now blocked in like FOREVER. Do you feel safe?  Do not feel safe. Uganda regim...

The Full List of Permanent Secretaries Appointed by President Museveni.

By virtue of the Powers given to the President by Article 174 (2) of the 1995 Constitution of the Republic of Uganda, I hereby, appoint the following as Permanent Secretaries as indicated below: 1. Head of Public Service and Secretary to Cabinet- Lucy Nakyobe 2. Deputy Head of Public Service And Secretary to Cabinet - Deborah Katuramu 3. State House Comptroller - Jane Barekye 4. Principal Private Secretary to the President- Dr. Kenneth Omona 5. Principal Private Secretary to H.E. the Vice President - Alex Kakooza 6.  Office of the Prime Minister - Keith Muhakanizi 7.  Office of the President - Yunus Kakande 8.  Ministry of Agriculture, Animal - Industry and Fisheries David Kyomukama Kasura (Maj. Gen.) 9.  Ministry of Defence and Veteran Affairs- Rosette Byengoma 10. Ministry of Education and Sports -       Kate Lamaro  11. Ministry of Energy and Mineral Development -   Batebe Irene  12. Ministry of Foreign Affairs - Vincent Bag...