Iranian Tortoiseshell Hackers Targeting Israeli Logistics Industry
May 24, 2023
Cyber Threat / Web Security
At least eight websites associated with shipping, logistics, and financial services companies in Israel were targeted as part of a watering hole attack. Tel Aviv-based cybersecurity company ClearSky attributed the attacks with low confidence to an Iranian threat actor tracked as Tortoiseshell, which is also called Crimson Sandstorm (previously Curium), Imperial Kitten, and TA456.

"The infected sites collect preliminary user information through a script," ClearSky said in a technical report published Tuesday. Most of the impacted websites have been stripped of the rogue code.

Tortoiseshell is known to have been active since at least July 2018, with early attacks targeting IT providers in Saudi Arabia. It has also been observed setting up fake hiring websites for U.S. military veterans in a bid to trick them into downloading remote access trojans.

That said, this is not the first time Iranian activity clusters have set their sights on the Is...