-->
The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: Iranian computers

Iranian Hackers Exploiting VPN Flaws to Backdoor Organizations Worldwide

Iranian Hackers Exploiting VPN Flaws to Backdoor Organizations Worldwide

February 18, 2020Ravie Lakshmanan
A new report published by cybersecurity researchers has unveiled evidence of Iranian state-sponsored hackers targeting dozens of companies and organizations in Israel and around the world over the past three years. Dubbed " Fox Kitten ," the cyber-espionage campaign is said to have been directed at companies from the IT, telecommunication, oil and gas, aviation, government, and security sectors. "We estimate the campaign revealed in this report to be among Iran's most continuous and comprehensive campaigns revealed until now," ClearSky researchers said . "The revealed campaign was used as a reconnaissance infrastructure; however, it can also be used as a platform for spreading and activating destructive malware such as ZeroCleare and Dustman." Tying the activities to threat groups APT33, APT34, and APT39, the offensive — conducted using a mix of open source and self-developed tools — also facilitated the groups to steal sensitive information
The 7 Most Wanted Iranian Hackers By the FBI

The 7 Most Wanted Iranian Hackers By the FBI

March 25, 2016Wang Wei
The Federal Bureau of Investigation (FBI) has lengthened its Most Wanted List by adding seven Iranian hackers who are accused of attacking a range of US banks and a New York dam. On Thursday, the United States Department of Justice (DoJ) charged seven Iranian hackers with a slew of computer hacking offences for breaking into computer systems of dozens of US banks, causing Millions of dollars in damages, and tried to shut down a New York dam. The individual hackers, who allegedly worked for computer security companies linked to the Iranian government, were indicted for an " extensive campaign " of cyber attacks against the US financial sector. All the seven hackers have been added to the FBI's Most Wanted list, and their names are: Ahmad Fathi , 37 Hamid Firoozi , 34 Amin Shokohi , 25 Sadegh Ahmadzadegan (aka Nitr0jen26), 23 Omid Ghaffarinia (aka PLuS), 25 Sina Keissar , 25 Nader Saedi (aka Turk Server), 26 All the hackers have been charg
Iranian Hackers targeting US oil, gas, and electric companies

Iranian Hackers targeting US oil, gas, and electric companies

May 26, 2013Mohit Kumar
For all the talk about China and the Syrian Electronic Army, it seems there's another threat to U.S. cyber interests i.e Iran. Series of potentially destructive computer attacks that have been targeting American oil, gas and electricity companies tracked back to Iran. Iranian hackers were able to gain access to control-system software that could allow them to manipulate oil or gas pipelines. Malware have been found in the power grid that could be used to deliver malicious software to damage plants. The targets have included several American oil, gas and electricity companies, which government officials have refused to identify. The officials stated that the goal of the Iranian attacks is sabotage rather than espionage . Whereas, The cyber attacks from China however, are more aimed at stealing information from the U.S. government that is confidential, as well as from private business.  Mandiant announced that the Chinese government was backing the attacks. However, officials fr
Iran blocks most virtual private network (VPN) services

Iran blocks most virtual private network (VPN) services

March 11, 2013Mohit Kumar
IRAN has spent years fending off cyber attacks, blocking access and isolated their own intranet off from the outside world. Many Iranians was using of virtual private network (VPNs), which provides encrypted links directly to private networks based abroad, to access Sites like YouTube and Facebook after bypassing the country's internet filter. But recently, Iranian authorities have blocked the use of most virtual private network to stop people in the country from circumventing the government's internet filter. A widespread government internet filter prevents Iranians from accessing many sites on the official grounds they are offensive or criminal. Ramezanali Sobhani-Fard, the head of parliament's information and communications technology committee said, " Within the last few days illegal VPN ports in the country have been blocked. Only legal and registered VPNs can from now on be used. " Registered and legal VPN access can still be purchased, but the typical fi
Batchwiper malware, new virus targets Iranian computers

Batchwiper malware, new virus targets Iranian computers

December 18, 2012Mohit Kumar
Iranian CERT is sounding the alarm over another bit of data-deleting malware it's discovered on PCs in the country. Dubbed Batchwiper , the malware systematically wipes any drive partitions starting with the letters D through I Drive, along with any files stored on the Windows desktop of the user who is logged in when it's executed Why naming Batchwiper ?  The name was chosen because the malware is packed in a batch file. The malware initiates its data wiping routine on certain dates, the next one being Jan. 21 2013. However, the dates of Oct. 12, Nov. 12 and Dec. 12, 2012, were also found in the malware's configuration, suggesting that it may have been in distribution for at least two months. GrooveMonitor.exe is the original dropper, which is a self-extracting RAR file, once executed it extracts the following files: -- \WINDOWS\system32\SLEEP.EXE, md5: ea7ed6b50a9f7b31caeea372a327bd37 -- \WINDOWS\system32\jucheck.exe, md5: c4cd216112cbc5b8c046934843c579f6 -- \WIND
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.