Iranian Hackers | Breaking Cybersecurity News | The Hacker News

The United States Department of Justice has announced criminal charges and sanctions against 9 Iranians involved in hacking universities, tech companies, and government organisations worldwide to steal scientific research resources and academic papers. According to the FBI officials, the individuals are connected to the Mabna Institute , an Iran-based company created in 2013 whose members were allegedly hired by the Iranian government for gathering intelligence. Though the content of the papers is not yet known, investigators believe it might have helped Iranian scientists to develop nuclear weapons. In past four years, the state-sponsored hacking group has allegedly infiltrated more than 320 universities in 22 countries—144 of which were in the United States—and stolen over 30 terabytes of academic data and intellectual property. The group used spear-phishing attacks to target more than 100,000 e-mail accounts and computer systems of the professors around the world, and suc

Security researchers have recently uncovered a cyber espionage group targeting aerospace, defence and energy organisations in the United States, Saudi Arabia and South Korea. According to the latest research published Wednesday by US security firm FireEye, an Iranian hacking group that it calls Advanced Persistent Threat 33 (or APT33) has been targeting critical infrastructure, energy and military sectors since at least 2013 as part of a massive cyber-espionage operation to gather intelligence and steal trade secrets. The security firm also says it has evidence that APT33 works on behalf of Iran's government. FireEye researchers have spotted cyber attacks aimed by APT33 since at least May 2016 and found that the group has successfully targeted aviation sector—both military and commercial—as well as organisations in the energy sector with a link to petrochemical. The APT33 victims include a U.S. firm in the aerospace sector, a Saudi Arabian business conglomerate with avi

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

Security researchers have discovered a new, massive cyber espionage campaign that mainly targets people working in government, defence and academic organisations in various countries. The campaign is being conducted by an Iran-linked threat group, whose activities, attack methods, and targets have been released in a joint, detailed report published by researchers at Trend Micro and Israeli firm ClearSky. Dubbed by researchers CopyKittens (aka Rocket Kittens) , the cyber espionage group has been active since at least 2013 and has targeted organisations and individuals, including diplomats and researchers, in Israel, Saudi Arabia, Turkey, the United States, Jordan and Germany. The targeted organisations include government institutions like Ministry of Foreign Affairs, defence companies, large IT companies, academic institutions, subcontractors of the Ministry of Defense, and municipal authorities, along with employees of the United Nations. The latest report [ PDF ], dubbed &q

A new disk wiping malware has been uncovered targeting a petroleum company in Europe, which is quite similar to the mysterious disk wiper malware Shamoon that wiped data from 35,000 computers at Saudi Arabia's national oil company in 2012. Disk wiping malware has the ability to cripple any organization by permanently wiping out data from all hard drive and external storage on a targeted machine, causing great financial and reputational damage. Security researchers from Moscow-based antivirus provider Kaspersky Lab discovered the new wiper StoneDrill while researching last November's re-emergence of Shamoon malware (Shamoon 2.0) attacks – two attacks occurred in November and one in late January. Shamoon 2.0 is the more advanced version of Shamoon malware that reportedly hit 15 government agencies and organizations across the world, wipes data and takes control of the computer's boot record, preventing the computers from being turned back on. Meanwhile, Kaspersky resea

The Federal Bureau of Investigation (FBI) has lengthened its Most Wanted List by adding seven Iranian hackers who are accused of attacking a range of US banks and a New York dam. On Thursday, the United States Department of Justice (DoJ) charged seven Iranian hackers with a slew of computer hacking offences for breaking into computer systems of dozens of US banks, causing Millions of dollars in damages, and tried to shut down a New York dam. The individual hackers, who allegedly worked for computer security companies linked to the Iranian government, were indicted for an " extensive campaign " of cyber attacks against the US financial sector. All the seven hackers have been added to the FBI's Most Wanted list, and their names are: Ahmad Fathi , 37 Hamid Firoozi , 34 Amin Shokohi , 25 Sadegh Ahmadzadegan (aka Nitr0jen26), 23 Omid Ghaffarinia (aka PLuS), 25 Sina Keissar , 25 Nader Saedi (aka Turk Server), 26 All the hackers have been charg

The United States has freed 4 Iranian nationals ( including one Hacker ) and reduced the sentences of 3 others in exchange for the release of 5 Americans formerly held by Iran as part of a prisoner swap or Prisoner Exchange Program. The Iranian citizens released from the United States custody through a side deal to the Iran nuclear agreement. Iran released five Americans, including: Washington Post reporter Jason Rezaian Former U.S. Marine Amir Hekmati Student Matthew Trevithick Christian pastor Saeed Abedini Pastor Nosratollah Khosravi-Roodsari The United States pardoned seven Iranian nationals, including: Nader Modanlou Bahram Mechanic Khosrow Afqahi Arash Ghahreman Touraj Faridi Nima Golestaneh (Hacker) Ali Sabounchi "These individuals weren't charged with terrorism or any violent offenses. They are civilians, and their release is a one-time gesture to Iran given the unique opportunity offered by this moment and the larger circumstance

Hackers are getting smarter in fooling us all , and now they are using sophisticated hacking schemes to get into your Gmail. Yes, Iranian hackers have now discovered a new way to fool Gmail's tight security system by bypassing its two-step verification – a security process that requires a security code (generally sent via SMS) along with the password in order to log into Gmail account. Researchers at Citizen Lab released a report on Thursday which shows how the hackers are using text messages and phone-based phishing attacks to circumvent Gmail's security and take over the Gmail accounts of their targets, specifically political dissidents. The report detailed and elaborated three types of phishing attacks aimed at Iranian activists. Researchers also found one such attack targeting Jillian York , the Director for International Freedom of Expression at the Electronic Frontier Foundation . Here's How the Attack Works Via Text Messages: In some case

For over past two years, Iranian hackers have infiltrated computer networks of some of the world's top organizations including airlines, defense contractors, universities, military installations, hospitals, airports, telecommunications firms, government agencies, and energy and gas companies, security researchers said. An 87-page report published by the U.S. cyber security firm Cylance says Iranian state-sponsored hackers have hacked critical infrastructure of more than 50 organizations in 16 countries worldwide in a cyber-espionage campaign that could allow them to eventually cause physical damage. Among the targeted organizations, ten are reportedly based in the United States. The threat-detection firm dubbed the campaign as " Operation Cleaver ," which aimed at gathering data from various agencies. The group reportedly stole highly sensitive information and took control of networks in Canada, China, England, France, Germany, India, Israel, Kuwait, Mexic

The Iranian hackers may have spent years in running a creative and most dedicated cyber espionage campaign to steal government credentials with the help of Social Media including Facebook, Twitter, LinkedIn, Google+, YouTube and Blogger. A Dallas-based computer-security firm, iSIGHT Partners, has exposed today a three-year old cyber espionage campaign which they believe to have originated in Iran, targeting a number of military and political leaders in the United States, Israel and other countries by creating false social networking accounts and a fake news website. The security firm dubbed the cyber espionage operation as ' Newscaster ', under which the iranian hackers are using more than a dozen social-media accounts of fake personas on social media sites such as Facebook, Twitter, and LinkedIn and targeted at least 2,000 people. Since 2011, the Iranian hackers group has targeted current and former senior U.S. military officials, including a four-star U.S. Navy ad

The Iranian hacking group, which calls itself the " Ajax Security Team ", was quite famous from last few years for websites defacement attacks , and then suddenly they went into dark since past few months. But that doesn't mean that the group was inactive, rather defacing the websites, the group was planning something bigger. The Group of hackers at Ajax Security Team last defaced a website in December 2013 and after that it transitioned to sophisticated malware-based espionage campaigns in order to target U.S. defense organizations and Iranian dissidents, according to the report released by FireEye researchers. " The transition from patriotic hacking to cyber espionage is not an uncommon phenomenon. It typically follows an increasing politicization within the hacking community, particularly around geopolitical events ," researchers Nart Villeneuve, Ned Moran, Thoufique Haq and Mike Scott wrote in the report. " This is followed by increasing links between the hacking

Google's primary search domain for Tajikistan had seemingly been hacked yesterday, along with other high profile domains including Yahoo, Twitter, Amazon -- redirected to a defaced page. Actually neither Google, nor Twitter servers have been hacked, rather website of Tajikistan's Domain registrar ( domain.tj ) authority has been hacked, that allows the hacker to access domain control panel. Server Kernel:  Linux mx.takemail.com 2.4.21-27.ELsmp #1 SMP Wed Dec 1 21:59:02 EST 2004 i686 Iranian hacker ' Mr.XHat' successfully managed to change the DNS records of attack websites and defaced them for about a day. Hacker told ' The Hacker News ' that he used Directory Traversal vulnerability to hack the website and still has the access to the control panel. Directory traversal is a type of HTTP exploit that is used by attackers to gain unauthorized access to restricted directories and files. Following the screenshot of compromised Domain Registrar's Control Panel:

Users in Iran call Internet as " Filternet ", because of the heavily censored Internet access they have. Million Iranians used VPN servers to access the outside world. In October, 2013 Jack Dorsey, the co-founder of Twitter asked Iranian President, ' Are citizens of Iran able to read your tweets? ' In Reply Mr. The President said that he will work to make sure Iranians have access to information globally in what appears to be a reference to reducing online censorship. Just after promising to support Internet Freedom, the Iran Government has banned yet another web application called -  Cryptocat , a tool that allows for secure and encrypted chat. The app is well known for bringing encrypted communications to the masses, popular with human rights activists and journalists around the world. According to ' Blockediniran.com ', Cryptocat website and the associated private chat service were inaccessible to our users in Iran. Currently since Monday.  ' It cu

Google says tens of thousands of Gmail accounts belonging to Iranian users have been targeted in an politically motivated hacking campaign in the weeks leading up to the country's closely watched presidential elections. For the last three weeks, the search giant said it has " detected and disrupted multiple email-based phishing campaigns aimed at compromising the accounts owned by tens of thousands of Iranian users. " " These campaigns, which originate from within Iran, represent a significant jump in the overall volume of phishing activity in the region, " Eric Grosse, Google's Vice President for Security Engineering. Phishing attacks are emails which appear official but instead lead users to websites where they are encouraged to reveal data including usernames, passwords, and credit card details. Google said it has a policy to alert users to " state-sponsored attacks and other suspicious activity ," but did not identify the perpetrators be

For all the talk about China and the Syrian Electronic Army, it seems there's another threat to U.S. cyber interests i.e Iran. Series of potentially destructive computer attacks that have been targeting American oil, gas and electricity companies tracked back to Iran. Iranian hackers were able to gain access to control-system software that could allow them to manipulate oil or gas pipelines. Malware have been found in the power grid that could be used to deliver malicious software to damage plants. The targets have included several American oil, gas and electricity companies, which government officials have refused to identify. The officials stated that the goal of the Iranian attacks is sabotage rather than espionage . Whereas, The cyber attacks from China however, are more aimed at stealing information from the U.S. government that is confidential, as well as from private business.  Mandiant announced that the Chinese government was backing the attacks. However, officials fr

Iran claims to have repelled a fresh cyber attack on its industrial units in a southern province. In the last few years, various Iranian industrial, nuclear and government bodies have recently come under growing cyber attacks, widely believed to be designed and staged by the US and Israel . A power plant and other industries in southern Iran have been targeted by the Stuxnet computer worm , an Iranian civil defense official says. Iran's news agency reported that the worm attacked the Culture Ministry's Headquarters for Supporting and Protecting Works of Art and Culture and was reportedly sent from Dallas via switches in Malaysia and Vietnam. This recent Stuxnet attack was successfully defeated, according to local Iranian civil defense chief Ali Akbar Akhavan. " We were able to prevent its expansion owing to our timely measures and the cooperation of skilled hackers ," Akhavan said. The sophisticated worm spreads via USB drives and through four previously

Iranian CERT is sounding the alarm over another bit of data-deleting malware it's discovered on PCs in the country. Dubbed Batchwiper , the malware systematically wipes any drive partitions starting with the letters D through I Drive, along with any files stored on the Windows desktop of the user who is logged in when it's executed Why naming Batchwiper ?  The name was chosen because the malware is packed in a batch file. The malware initiates its data wiping routine on certain dates, the next one being Jan. 21 2013. However, the dates of Oct. 12, Nov. 12 and Dec. 12, 2012, were also found in the malware's configuration, suggesting that it may have been in distribution for at least two months. GrooveMonitor.exe is the original dropper, which is a self-extracting RAR file, once executed it extracts the following files: -- \WINDOWS\system32\SLEEP.EXE, md5: ea7ed6b50a9f7b31caeea372a327bd37 -- \WINDOWS\system32\jucheck.exe, md5: c4cd216112cbc5b8c046934843c579f6 -- \WIND

It's known, drones are privileged vehicles for reconnaissance and attacks, technology has achieved level of excellence and their use is largely diffused, that's why defense companies are providing new solution to make them increasingly effective. But the incredible amount of technological components could be itself a point of weakness, last year in fact an U.S. stealthy RQ-170 Sentinel drone was captured by Iranian military near the city of Kashmar. The vehicle was used in reconnaissance mission, it took off from near Afghanistan, exactly from Kandahar airfield. In this hours government of Teheran has announced to have captured a new drone, Iran's Islamic Revolution Guards Corps (IRGC) Navy Commander Rear Admiral Ali Fadavi reported that on Dec. 5th Iranian defense has captured a Scan Eagle drone that violated the fly zone over the Persian Gulf, around Kharg Island, in southern Iran. The zone is a strategic area, the place provides a sea port for the export o

The UN nuclear watchdog has acknowledged one of its former computer servers had been hacked. The stolen information was contained in a statement by a group with an Iranian-sounding name calling for an inquiry into Israel's nuclear activities. The International Atomic Energy Agency (IAEA) is investigating Iran's nuclear program. A group called Parastoo Farsi for the swallow bird and a common Iranian girl's name claimed responsibility for posting the names on its website two days ago. The group had been known to be critical of Israel's undeclared nuclear weapons program. " The IAEA deeply regrets this publication of information stolen from an old server that was shut down some time ago ," agency spokesperson said and agency experts had been working to eliminate any " possible vulnerability " in it even before it was hacked. Israel and the United States accuse Iran of seeking to develop a nuclear weapons capability, a charge Tehran denies, and says the Islamic state is th

Symantec recently identified a database-corrupting piece of malware targeting systems mostly in Iran, but despite early speculation that it could be related to the likes of Stuxnet and Flame, it appears to be targeting small businesses rather than the country's infrastructure. Malware Dubbed W32.Narilam , is predominantly active in the Middle East, and it has also been detected in the USA and UK. The worm looks for particular words in Microsoft SQL databases and overwrites them. The worm specifically targets SQL databases with three distinct names, alim, maliran, and shahd. Once the targeted databases are found, Narilam looks for specific objects and tables and either deletes the tables or replaces items with random values. On Monday an alert was published on tarrahsystem.com warning of the W32.Narilam threat to its customers. The bulk of the infections thus far have been found in the Middle East, particularly Iran and Afghanistan. Kaspersky Lab took issue with repo

An obscure group identifying itself as the Izz ad-din al-Qassam Cyber Fighters claimed responsibility for the first wave of attacks as retaliation for the amateurish Innocence of Muslims film that mocked the Islamic prophet Mohammed and sparked protests throughout the Middle East.  Who's really responsible for a recent series of cyberattacks on American banks? A few days back US Defense Secretary Leon Panetta said Iran is responsible for cyberattacks launched against Saudi Aramco and RasGas and US banks. While Panetta did not directly link Iran to the Persian Gulf attacks, he later noted that Iran has " undertaken a concerted effort to use cyberspace to its advantage. " Today, Iran's defense minister said, The United States is the source of cyber terrorism. " and intends to pave the way for increasing its activities in relation to cyber terrorism through diverting attention and leveling accusation, " Defense Minister Ahmad Vahidi. The Iranian defense minister also sai