The Hacker News Logo
Subscribe to Newsletter
CrowdSec

The Hacker News - Most Trusted Cyber Security and Computer Security Analysis: Iraninan Hackers

Iranian Hackers Exploiting VMware RCE Bug to Deploy 'Core Impact' Backdoor

Iranian Hackers Exploiting VMware RCE Bug to Deploy 'Core Impact' Backdoor

April 26, 2022Ravie Lakshmanan
An Iranian-linked threat actor known as  Rocket Kitten  has been observed actively exploiting a recently patched VMware vulnerability to gain initial access and deploy the Core Impact penetration testing tool on vulnerable systems. Tracked as  CVE-2022-22954  (CVSS score: 9.8), the critical issue concerns a case of remote code execution (RCE) vulnerability affecting VMware Workspace ONE Access and Identity Manager. While the issue was patched by the virtualization services provider on April 6, 2022, the company  cautioned users  of confirmed exploitation of the flaw occurring in the wild a week later. "A malicious actor exploiting this RCE vulnerability potentially gains an unlimited attack surface," researchers from Morphisec Labs  said  in a new report. "This means highest privileged access into any components of the virtualized host and guest environment." Attack chains exploiting the flaw involve the distribution of a PowerShell-based stager, which is the
Facebook Suspends Accounts Used by Iranian Hackers to Target US Military Personnel

Facebook Suspends Accounts Used by Iranian Hackers to Target US Military Personnel

July 16, 2021Ravie Lakshmanan
Facebook on Thursday disclosed it dismantled a "sophisticated" online cyber espionage campaign conducted by Iranian hackers targeting about 200 military personnel and companies in the defense and aerospace sectors in the U.S., U.K., and Europe using fake online personas on its platform. The social media giant pinned the attacks to a threat actor known as  Tortoiseshell  (aka Imperial Kitten) based on the fact that the adversary used similar techniques in past campaigns attributed to the threat group, which was  previously   known  to focus on the information technology industry in Saudi Arabia, suggesting an apparent expansion of malicious activity. "This group used various malicious tactics to identify its targets and infect their devices with malware to enable espionage,"  said  Mike Dvilyanski, Head of Cyber Espionage Investigations, and David Agranovich, Director, Threat Disruption, at Facebook. "This activity had the hallmarks of a well-resourced and
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.