#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Middle East | Breaking Cybersecurity News | The Hacker News

New Pierogi++ Malware by Gaza Cyber Gang Targeting Palestinian Entities

New Pierogi++ Malware by Gaza Cyber Gang Targeting Palestinian Entities

Dec 14, 2023 Malware / Threat Analysis
A pro-Hamas threat actor known as  Gaza Cyber Gang  is targeting Palestinian entities using an updated version of a backdoor dubbed Pierogi. The findings come from SentinelOne, which has given the malware the name Pierogi++ owing to the fact that it's implemented in the C++ programming language unlike its Delphi- and Pascal-based predecessor. "Recent Gaza Cybergang activities show consistent targeting of Palestinian entities, with no observed significant changes in dynamics since the start of the Israel-Hamas war," security researcher Aleksandar Milenkoski  said  in a report shared with The Hacker News. Gaza Cyber Gang, believed to be  active since at least  2012, has a history of striking targets throughout the Middle East, particularly Israel and Palestine, often leveraging spear-phishing as a method of initial access. Some of the  notable   malware   families  in its  arsenal   include  BarbWire, DropBook, LastConn, Molerat Loader, Micropsia, NimbleMamba, SharpSt
Iran-Linked Imperial Kitten Cyber Group Targeting Middle East's Tech Sectors

Iran-Linked Imperial Kitten Cyber Group Targeting Middle East's Tech Sectors

Nov 10, 2023 Cyber Attack / Cyber Threat
A group with links to Iran targeted transportation, logistics, and technology sectors in the Middle East, including Israel, in October 2023 amid a surge in Iranian cyber activity since the onset of the Israel-Hamas war. The attacks have been attributed by CrowdStrike to a threat actor it tracks under the name  Imperial Kitten , and which is also known as Crimson Sandstorm (previously Curium), TA456, Tortoiseshell, and Yellow Liderc. The latest findings from the company build on prior reports from  Mandiant ,  ClearSky , and  PwC , the latter of which also detailed instances of strategic web compromises (aka watering hole attacks) leading to the deployment of IMAPLoader on infected systems. "The adversary, active since at least 2017, likely fulfills Iranian strategic intelligence requirements associated with IRGC operations," CrowdStrike  said  in a technical report. "Its activity is characterized by its use of social engineering, particularly job recruitment-themed content, to deli
How to Find and Fix Risky Sharing in Google Drive

How to Find and Fix Risky Sharing in Google Drive

Mar 06, 2024Data Security / Cloud Security
Every Google Workspace administrator knows how quickly Google Drive becomes a messy sprawl of loosely shared confidential information. This isn't anyone's fault; it's inevitable as your productivity suite is purposefully designed to enable real-time collaboration – both internally and externally.  For Security & Risk Management teams, the untenable risk of any Google Drive footprint lies in the toxic combinations of sensitive data, excessive permissions, and improper sharing. However, it can be challenging to differentiate between typical business practices and potential risks without fully understanding the context and intent.  Material Security, a company renowned for its innovative method of protecting sensitive data within employee mailboxes, has recently launched  Data Protection for Google Drive  to safeguard the sprawl of confidential information scattered throughout Google Drive with a powerful discovery and remediation toolkit. How Material Security helps organ
Iranian APT Group Targets Governments in Kuwait and Saudi Arabia

Iranian APT Group Targets Governments in Kuwait and Saudi Arabia

May 21, 2020
Today, cybersecurity researchers shed light on an Iranian cyber espionage campaign directed against critical infrastructures in Kuwait and Saudi Arabia. Bitdefender said the intelligence-gathering operations were conducted by Chafer APT (also known as APT39 or Remix Kitten), a threat actor known for its attacks on telecommunication and travel industries in the Middle East to collect personal information that serves the country's geopolitical interests. "Victims of the analyzed campaigns fit into the pattern preferred by this actor, such as air transport and government sectors in the Middle East," the researchers said in a report (PDF) shared with The Hacker News, adding at least one of the attacks went undiscovered for more than a year and a half since 2018. "The campaigns were based on several tools, including 'living off the land' tools, which makes attribution difficult, as well as different hacking tools and a custom-built backdoor." Kn
cyber security

Uncover Critical Gaps in 7 Core Areas of Your Cybersecurity Program

websiteArmor PointCyber Security / Assessment
Turn potential vulnerabilities into strengths. Start evaluating your defenses today. Download the Checklist.
New Malware Uses Windows BITS Service to Stealthy Exfiltrate Data

New Malware Uses Windows BITS Service to Stealthy Exfiltrate Data

Sep 09, 2019
Cybersecurity researchers have discovered a new computer virus associated with the Stealth Falcon state-sponsored cyber espionage group that abuses a built-in component of the Microsoft Windows operating system to stealthily exfiltrate stolen data to attacker-controlled server. Active since 2012, Stealth Falcon is a sophisticated hacking group known for targeting journalists, activists, and dissidents with spyware in the Middle East, primarily in the United Arab Emirates (UAE). Dubbed Win32/StealthFalcon , named after the hacking group, the malware communicates and sends collected data to its remote command-and-control (C&C) servers using Windows Background Intelligent Transfer Service (BITS). BITS is a communication protocol in Windows that takes unused network bandwidth to facilitate asynchronous, prioritized, and throttled transfer of files between machines in the foreground or background, without impacting the network experience. BITS is commonly used by software up
Chinese Hackers Steal Info from top secret U.S military data

Chinese Hackers Steal Info from top secret U.S military data

May 03, 2013
QinetiQ , a UK-based defense contractor  suffers humiliation as intelligence officials confirmed that China was able to steal the U.S. classified documents and pertinent technological information all this because of QinetiQ's faulty decision-making. QinetiQ North America (QQ) a world leading defense technology and security company providing satellites, drones and software services to the U.S. Special Forces deployed in Afghanistan and Middle East. The hacking was so extensive that external consultants ended up more or less working permanently inside the firm to root out malicious software and compromises on an ongoing basis. In one of the attacks, that took place in 2009, the hackers raided at least 151 machines of the firm's Technology Solutions Group (TSG) over a 251-day period, stealing 20 gigabytes of data before being blocked.  As the White House moves to confront China over its theft of U.S. technology through hacking, policy makers are faced with the questi
Police in Japan ask ISPs to start blocking Tor network

Police in Japan ask ISPs to start blocking Tor network

Apr 22, 2013
Tor is a web service that allows users to surf the Internet, use IM, and other services while keeping themselves completely anonymous, but  Japan's National Police Agency wants ISPs to block access to Tor if users are found to have abused it. The push by Japanese authorities is because they're worried about an inability to tackle cyber crime enabled in part by anonymizing services such as Tor.  Japanese police is having a hard time when it comes to crimes in the cyberspace. Just last year a hacker, going by the name Demon Killer, took remote control of systems across the country and posted death threats on public message boards. The panel claimed it has been used in the past to commit internet fraud, help paedophiles groom kids online and, tellingly, enabled leaks from Tokyo's Metropolitan Police Department. Tor has proven to be an invaluable tool for pro-democracy campaigners in the Middle East while censorious regimes such as the Chinese authorities have atte
Another Cyber attack Hit Regions Bank and SunTrust

Another Cyber attack Hit Regions Bank and SunTrust

Oct 11, 2012
As warned by Izz ad-Din al-Qassam Cyber Fighters They launched another distributed denial-of-service (DDOS) attack against the website of Regions Financial Corp (regions.com) and SunTrust. The computer attacks burden the bank websites with heavy traffic volume that causes slow service for the sites or makes them completely unavailable. In a Pastebin post dated Oct. 8, the hacktivist group announced the planned Oct. 9 attack against Capital One, the Oct. 10 attack against SunTrust and an Oct. 11 takedown date for Regions Financial Corp and THEY DID IT. SunTrust ( suntrust.com ) spokesman Michael McCoy confirmed SunTrust's site had been hit by an uptick in traffic. "We have seen increased online traffic today and experienced intermittent service availability of some online functions," he said. A couple of days ago, Regions representatives told Fox Business that the organization was aware of the threats. At the time, they claimed they were "taking every mea
Hackers disrupt Interpol website against Anti-Islam film

Hackers disrupt Interpol website against Anti-Islam film

Oct 07, 2012
A hacker group " Kosova Hacker's Security " based in the Middle East take down Interpol website yesterday. According to claim of Hackers, they are doing this cyber attack on a law enforcement agency to show their protest against the controversial Anti-Islam film, Innocence of Muslims. According to the mail notification from Hackers, they claim to DDOS Interpol servers including DNS servers also with a Botnet army of 770 Bots. In more technical terms, hackers are DDOSing Interpol servers with 770 Bots and 65500 packets/second. Interpol website (  https://www.interpol.int/  ) server 193.22.7.16:80 and DNS server 193.22.7.80:53 was under attack by these hackers. At the time of writing this article, may be the website is working fine. On asking, How they got 770 Bots ? Hacker give a screenshot ( shown above ) of the Exploit pack they are using to infect computers and to make them slave of their Botnet weapon. Recently the six major American banks suffered de
Cybersecurity Resources