#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Iranian Hacker | Breaking Cybersecurity News | The Hacker News

Albanian Parliament and One Albania Telecom Hit by Cyber Attacks

Albanian Parliament and One Albania Telecom Hit by Cyber Attacks
Dec 29, 2023 Cyber Attack / Web Security
The Assembly of the Republic of Albania and telecom company One Albania have been targeted by cyber attacks, the country's National Authority for Electronic Certification and Cyber Security (AKCESK) revealed this week. "These infrastructures, under the legislation in force, are not currently classified as critical or important information infrastructure," AKCESK  said . One Albania, which has nearly 1.5 million subscribers, said in a  Facebook post  on December 25 that it had handled the security incident without any issues and that its services, including mobile, landline, and IPTV, remained unaffected. AKCESK further  noted  that the intrusions did not originate from Albanian IP addresses, adding it managed to "identify potential cases in real-time." The agency also said that it has been focusing its efforts on identifying the source of the attacks, recovering compromised systems, and implementing security measures to prevent such incidents from happening again in the future.

MuddyC2Go: New C2 Framework Iranian Hackers Using Against Israel

MuddyC2Go: New C2 Framework Iranian Hackers Using Against Israel
Nov 09, 2023 Cyber Attack / Malware
Iranian nation-state actors have been observed using a previously undocumented command-and-control (C2) framework called  MuddyC2Go  as part of  attacks targeting Israel . "The framework's web component is written in the Go programming language," Deep Instinct security researcher Simon Kenin  said  in a technical report published Wednesday. The tool has been attributed to  MuddyWater , an  Iranian   state-sponsored   hacking   crew  that's affiliated to the country's Ministry of Intelligence and Security (MOIS). The cybersecurity firm said the C2 framework may have been put to use by the threat actor since early 2020, with recent attacks leveraging it in place of PhonyC2 , another custom C2 platform from MuddyWater that came to light in June 2023 and has had its source code leaked. Typical attack sequences observed over the years have involved sending spear-phishing emails bearing malware-laced archives or bogus links that lead to the deployment of legitimat

SaaS Compliance through the NIST Cybersecurity Framework

SaaS Compliance through the NIST Cybersecurity Framework
Feb 20, 2024Cybersecurity Framework / SaaS Security
The US National Institute of Standards and Technology (NIST) cybersecurity framework is one of the world's most important guidelines for securing networks. It can be applied to any number of applications, including SaaS.  One of the challenges facing those tasked with securing SaaS applications is the different settings found in each application. It makes it difficult to develop a configuration policy that will apply to an HR app that manages employees, a marketing app that manages content, and an R&D app that manages software versions, all while aligning with NIST compliance standards.  However, there are several settings that can be applied to nearly every app in the SaaS stack. In this article, we'll explore some universal configurations, explain why they are important, and guide you in setting them in a way that improves your SaaS apps' security posture.  Start with Admins Role-based access control (RBAC) is a key to NIST adherence and should be applied to every SaaS a

Iranian Hackers Launch Destructive Cyber Attacks on Israeli Tech and Education Sectors

Iranian Hackers Launch Destructive Cyber Attacks on Israeli Tech and Education Sectors
Nov 06, 2023 Cyber War / Malware
Israeli higher education and tech sectors have been targeted as part of a series of destructive cyber attacks that commenced in January 2023 with an aim to deploy previously undocumented wiper malware. The intrusions, which took place as recently as October, have been attributed to an Iranian nation-state hacking crew it tracks under the name Agonizing Serpens, which is also known as Agrius, BlackShadow and Pink Sandstorm (previously Americium). "The attacks are characterized by attempts to steal sensitive data, such as personally identifiable information (PII) and intellectual property," Palo Alto Networks Unit 42 said in a new report shared with The Hacker News. "Once the attackers stole the information, they deployed various wipers intended to cover the attackers' tracks and to render the infected endpoints unusable." This includes three different novel wipers such as MultiLayer, PartialWasher, and BFG Agonizer, as well as a bespoke tool to extract inf

Are You Vulnerable to Third-Party Breaches Through Interconnected SaaS Apps?

cyber security
websiteWing SecuritySaaS Security / Risk Management
Protect against cascading risks by identifying and mitigating app2app and third-party SaaS vulnerabilities.

Iranian Nation-State Actors Employ Password Spray Attacks Targeting Multiple Sectors

Iranian Nation-State Actors Employ Password Spray Attacks Targeting Multiple Sectors
Sep 15, 2023 Cyber Attack / Password Security
Iranian nation-state actors have been conducting password spray attacks against thousands of organizations globally between February and July 2023, new findings from Microsoft reveal. The tech giant, which is tracking the activity under the name  Peach Sandstorm  (formerly Holmium), said the adversary pursued organizations in the satellite, defense, and pharmaceutical sectors to likely facilitate intelligence collection in support of Iranian state interests. Should the authentication to an account be successful, the threat actor has been observed using a combination of publicly available and custom tools for discovery, persistence, and lateral movement, followed by data exfiltration in limited cases. Peach Sandstorm , also known by the names APT33, Elfin, and Refined Kitten, has been linked to spear-phishing attacks against aerospace and energy sectors in the past, some of which have entailed the use of the  SHAPESHIFT  wiper malware. It's said to be active since at least 2013.

Iranian Hackers Using SimpleHelp Remote Support Software for Persistent Access

Iranian Hackers Using SimpleHelp Remote Support Software for Persistent Access
Apr 18, 2023 Cyber Threat / Malware
The Iranian threat actor known as MuddyWater is continuing its time-tested tradition of relying on legitimate remote administration tools to commandeer targeted systems. While the nation-state group has previously employed  ScreenConnect, RemoteUtilities, and Syncro , a  new analysis  from Group-IB has revealed the adversary's use of the SimpleHelp remote support software in June 2022. MuddyWater, active since at least 2017, is assessed to be a subordinate element within Iran's Ministry of Intelligence and Security (MOIS). Some of the top targets include Turkey, Pakistan, the U.A.E., Iraq, Israel, Saudi Arabia, Jordan, the U.S., Azerbaijan, and Afghanistan. "MuddyWater uses SimpleHelp, a legitimate remote device control and management tool, to ensure persistence on victim devices," Nikita Rostovtsev, senior threat analyst at Group-IB, said. "SimpleHelp is not compromised and is used as intended. The threat actors found a way to download the tool from the of

Iranian OilRig Hackers Using New Backdoor to Exfiltrate Data from Govt. Organizations

Iranian OilRig Hackers Using New Backdoor to Exfiltrate Data from Govt. Organizations
Feb 03, 2023 Cyber Espionage / Cyber Threat
The Iranian nation-state hacking group known as  OilRig  has continued to target government organizations in the Middle East as part of a cyber espionage campaign that leverages a new backdoor to exfiltrate data. "The campaign abuses legitimate but compromised email accounts to send stolen data to external mail accounts controlled by the attackers," Trend Micro researchers Mohamed Fahmy, Sherif Magdy, and Mahmoud Zohdy  said . While the technique in itself is not unheard of, the development marks the first time OilRig has adopted it in its playbook, indicating the continued evolution of its methods to bypass security protections. The advanced persistent threat (APT) group, also referred to as APT34, Cobalt Gypsy, Europium, and Helix Kitten, has been  documented  for its targeted phishing attacks in the Middle East since at least 2014. Linked to Iran's Ministry of Intelligence and Security (MOIS), the group is known to use a diverse toolset in its operations, with re

Iranian Hackers Using New Spying Malware That Abuses Telegram Messenger API

Iranian Hackers Using New Spying Malware That Abuses Telegram Messenger API
Feb 28, 2022
An Iranian geopolitical nexus threat actor has been uncovered deploying two new targeted malware that come with "simple" backdoor functionalities as part of an intrusion against an unnamed Middle East government entity in November 2021. Cybersecurity company Mandiant attributed the attack to an uncategorized cluster it's tracking under the moniker  UNC3313 , which it assesses with "moderate confidence" as associated with the MuddyWater state-sponsored group. "UNC3313 conducts surveillance and collects strategic information to support Iranian interests and decision-making," researchers Ryan Tomcik, Emiel Haeghebaert, and Tufail Ahmed  said . "Targeting patterns and related lures demonstrate a strong focus on targets with a geopolitical nexus." In mid-January 2022, U.S. intelligence agencies  characterized  MuddyWater (aka Static Kitten, Seedworm, TEMP.Zagros, or Mercury) as a subordinate element of the Iranian Ministry of Intelligence and

Iranian Hackers Using Remote Utilities Software to Spy On Its Targets

Iranian Hackers Using Remote Utilities Software to Spy On Its Targets
Mar 08, 2021
Hackers with suspected ties to Iran are actively targeting academia, government agencies, and tourism entities in the Middle East and neighboring regions as part of an espionage campaign aimed at data theft. Dubbed "Earth Vetala" by Trend Micro, the latest finding expands on previous research  published by Anomali  last month, which found evidence of malicious activity aimed at UAE and Kuwait government agencies by exploiting ScreenConnect remote management tool.  The cybersecurity firm linked the ongoing attacks with moderate confidence to a threat actor widely tracked as  MuddyWater , an Iranian hacker group known for its offensives primarily against Middle Eastern nations. Earth Vetala is said to have leveraged spear-phishing emails containing embedded links to a popular file-sharing service called Onehub to distribute malware that ranged from password dumping utilities to custom backdoors, before initiating communications with a command-and-control (C2) server to exe
Cybersecurity Resources