• Home
  • About Us
  • Contact Us
  • Disclaimer
  • Privacy Policy
  • Terms & Conditions
Flyy Tech
  • Home
  • Apple
  • Applications
    • Computers
    • Laptop
    • Microsoft
  • Security
  • Smartphone
  • Gaming
  • Entertainment
    • Literature
    • Cooking
    • Fitness
    • lifestyle
    • Music
    • Nature
    • Podcasts
    • Travel
    • Vlogs
  • Camera
  • Audio
No Result
View All Result
  • Home
  • Apple
  • Applications
    • Computers
    • Laptop
    • Microsoft
  • Security
  • Smartphone
  • Gaming
  • Entertainment
    • Literature
    • Cooking
    • Fitness
    • lifestyle
    • Music
    • Nature
    • Podcasts
    • Travel
    • Vlogs
  • Camera
  • Audio
No Result
View All Result
Flyy Tech
No Result
View All Result

Unflagging Iranian Threat Activity Spurs Warnings, Indictments From US Government

flyytech by flyytech
September 15, 2022
Home Security
Share on FacebookShare on Twitter



Iranian threat actors have been on the radar and in the crosshairs of the US government and security researchers alike this month with what appears to be a ramp-up in and subsequent crackdown on threat activity from advanced persistent threat (APT) groups associated with the Iran’s Islamic Revolutionary Guard Corps (IRGC).

The US government on Wednesday simultaneously revealed an elaborate hacking scheme by and indictments against several Iranian nationals thanks to recently unsealed court documents, and warned US organizations of Iranian APT activity to exploit known vulnerabilities — including the widely attacked ProxyShell and Log4Shell flaws — for the purpose of ransomware attacks.

Meanwhile, separate research revealed recently that an Iranian state-sponsored threat actor tracked as APT42 has been linked to more than 30 confirmed cyberespionage attacks since 2015, which targeted individuals and organizations with strategic importance to Iran, with targets in Australia, Europe, the Middle East, and the United States.

The news comes amid growing tensions between the United States and Iran on the heels of sanctions imposed against the Islamic nation for its recent APT activity, including a cyberattack against the Albanian government in July that caused a shutdown of government websites and online public services, and was widely castigated.

Moreover, with political tensions between Iran and the West mounting as the nation aligns itself more closely with China and Russia, Iran’s political motivation for its cyber-threat activity is growing, researchers said. Attacks are more likely to become financially driven when faced with sanctions from political enemies, notes Nicole Hoffman, senior cyber-threat intelligence analyst at risk-protection solution provider Digital Shadows.

Persistent & Advantageous

Still, while the headlines seems to reflect a surge in recent cyber-threat activity from Iranian APTs, researchers said recent news of attacks and indictments are more a reflection of persistent and ongoing activity by Iran to promote its cybercriminal interests and political agenda across the globe.

“Increased media reporting on Iran’s cyber-threat activity does not necessarily correlate to a spike in said activity,” Mandiant analyst Emiel Haeghebaert noted in an email to Dark Reading.

“If you zoom out and look at the full scope of nation-state activity, Iran has not slowed their efforts,” agrees Aubrey Perin, lead threat intelligence analyst at Qualys. “Just like any organized group their persistence is key to their success, both in the long term and short term.”

Still, Iran, like any threat actor, is opportunistic, and the pervasive fear and uncertainty that currently exists due to geopolitical and economic challenges — such as the ongoing war in Ukraine, inflation, and other global tensions — certainly buoys their APT efforts, he says.

Authorities Take Notice

The growing confidence and boldness of Iranian APTs has not gone unnoticed by global authorities — including those in the United States, who appear to be getting fed up with the nation’s persistent hostile cyber engagements, having endured them for at least the last decade.

An indictment that was unsealed Wednesday by the Department of Justice (DoJ), US Attorney’s Office, District of New Jersey shed specific light on ransomware activity that occurred between February 2021 and February 2022 and affected hundreds of victims in several US states, including Illinois, Mississippi, New Jersey, Pennsylvania, and Washington.

The indictment revealed that from October 2020 through the present, three Iranian nationals — Mansour Ahmadi, Ahmad Khatibi Aghda, and Amir Hossein Nickaein Ravari — engaged in ransomware attacks that exploited known vulnerabilities to steal and encrypt data of hundreds of victims in the United States, the United Kingdom, Israel, Iran, and elsewhere.

The Cybersecurity and Infrastructure Security Agency (CISA), FBI, and other agencies subsequently warned that actors associated with the IRGC, an Iranian government agency tasked with defending leadership from perceived internal and external threats, have been exploiting and are likely to continue to exploit Microsoft and Fortinet vulnerabilities — including an Exchange Server flaw known as ProxyShell — in activity that was detected between December 2020 and February 2021.

The attackers, believed to be acting at the behest of an Iranian APT, used the vulnerabilities to gain initial access to entities across multiple US critical infrastructure sectors and organizations in Australia, Canada, and the United Kingdom for ransomware and other cybercriminal operations, the agencies said.

Threat actors shield their malicious activities using two company names: Najee Technology Hooshmand Fater LLC, based in Karaj, Iran; and Afkar System Yazd Company, based in Yazd, Iran, according to the indictments.

APT42 & Making Sense of the Threats

If the recent spate of headlines focused on Iranian APTs seems dizzying, it’s because it took years of analysis and sleuthing just to identify the activity, and authorities and researchers alike are still trying to wrap their heads around it all, Digital Shadows’ Hoffman says.

“Once identified, these attacks also take a reasonable amount of time to investigate,” she says. “There are a lot of puzzle pieces to analyze and put together.”

Researchers at Mandiant recently put together one puzzle that revealed years of cyberespionage activity that starts as spear-phishing but leads to Android phone monitoring and surveillance by IRGC-linked APT42, believed to be a subset of another Iranian threat group, APT35/Charming Kitten/Phosphorus.

Together, the two groups also are connected to an uncategorized threat cluster tracked as UNC2448, identified by Microsoft and Secureworks as a Phosphorus subgroup carrying out ransomware attacks for financial gain using BitLocker, researchers said.

To thicken the plot even further, this subgroup appears to be operated by a company using two public aliases, Secnerd and Lifeweb, that have links to one of the companies run by the Iranian nationals indicted in the DoJ’s case: Najee Technology Hooshmand.

Even as organizations absorb the impact of these revelations, researchers said attacks are far from over and likely will diversify as Iran continues its aim to exert political dominance on its foes, Mandiant’s Haeghebaert noted in his email.

“We assess that Iran will continue to use the full spectrum of operations enabled by its cyber capabilities in the long term,” he told Dark Reading. “Additionally, we believe that disruptive activity using ransomware, wipers, and other lock-and-leak techniques may become increasingly common if Iran remains isolated in the international stage and tensions with its neighbors in the region and the West continue to worsen.”



Source_link

flyytech

flyytech

Next Post
xScreen for Xbox Series S review: A Full HD panel for gaming almost anywhere

xScreen for Xbox Series S review: A Full HD panel for gaming almost anywhere

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended.

AWS Nitro Enclaves and TPMs. ACM.80 Protecting data and encryption… | by Teri Radichel | Cloud Security | Oct, 2022

AWS Nitro Enclaves and TPMs. ACM.80 Protecting data and encryption… | by Teri Radichel | Cloud Security | Oct, 2022

October 15, 2022
Penetration testing is in the eye of the beholder

Penetration testing is in the eye of the beholder

September 21, 2022

Trending.

Image Creator now live in select countries for Microsoft Bing and coming soon in Microsoft Edge

Image Creator now live in select countries for Microsoft Bing and coming soon in Microsoft Edge

October 23, 2022
Review: Zoom ZPC-1

Review: Zoom ZPC-1

January 28, 2023
Allen Parr’s false teaching examined. Why you should unfollow him.

Allen Parr’s false teaching examined. Why you should unfollow him.

September 24, 2022
Elden Ring best spells 1.08: Tier lists, sorceries, incantations, and locations

Elden Ring best spells 1.08: Tier lists, sorceries, incantations, and locations

January 14, 2023
How to View Ring Doorbell on a Roku TV

How to View Ring Doorbell on a Roku TV

December 20, 2022

Flyy Tech

Welcome to Flyy Tech The goal of Flyy Tech is to give you the absolute best news sources for any topic! Our topics are carefully curated and constantly updated as we know the web moves fast so we try to as well.

Follow Us

Categories

  • Apple
  • Applications
  • Audio
  • Camera
  • Computers
  • Cooking
  • Entertainment
  • Fitness
  • Gaming
  • Laptop
  • lifestyle
  • Literature
  • Microsoft
  • Music
  • Podcasts
  • Review
  • Security
  • Smartphone
  • Travel
  • Uncategorized
  • Vlogs

Site Links

  • Home
  • About Us
  • Contact Us
  • Disclaimer
  • Privacy Policy
  • Terms & Conditions

Recent News

CP+ 2023: Canon interview – ‘It’s our mission to make any camera system easier operate’: Digital Photography Review

CP+ 2023: Canon interview – ‘It’s our mission to make any camera system easier operate’: Digital Photography Review

March 26, 2023
Apple’s 2022 10th generation iPad is now available for just $399

Apple’s 2022 10th generation iPad is now available for just $399

March 26, 2023

Copyright © 2022 Flyytech.com | All Rights Reserved.

No Result
View All Result
  • Home
  • Apple
  • Applications
    • Computers
    • Laptop
    • Microsoft
  • Security
  • Smartphone
  • Gaming
  • Entertainment
    • Literature
    • Cooking
    • Fitness
    • lifestyle
    • Music
    • Nature
    • Podcasts
    • Travel
    • Vlogs

Copyright © 2022 Flyytech.com | All Rights Reserved.

What Are Cookies
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
Cookie SettingsAccept All
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT