Predatory Sparrow: Who are the hackers who say they started a fire in Iran?
Experts are asking who is behind Predatory Sparrow, the group which says it started a fire in an Iranian factory.
Hacktivists claiming attack on Iranian steel facilities dump tranche of 'top secret documents
Incident just the latest iteration of the back and forth between Israeli and Iranianian-aligned hackers.
Predatory Sparrow: Who are the hackers who say they started a fire in Iran?
Experts are asking who is behind Predatory Sparrow, the group which says it started a fire in an Iranian factory.
Hacktivists claiming attack on Iranian steel facilities dump tranche of 'top secret documents
Incident just the latest iteration of the back and forth between Israeli and Iranianian-aligned hackers.
Predatory Sparrow: Who are the hackers who say they started a fire in Iran?
Experts are asking who is behind Predatory Sparrow, the group which says it started a fire in an Iranian factory.
Hacktivists claiming attack on Iranian steel facilities dump tranche of 'top secret documents
Incident just the latest iteration of the back and forth between Israeli and Iranianian-aligned hackers.
Predatory Sparrow: Who are the hackers who say they started a fire in Iran?
Experts are asking who is behind Predatory Sparrow, the group which says it started a fire in an Iranian factory.
Hacktivists claiming attack on Iranian steel facilities dump tranche of 'top secret documents
Incident just the latest iteration of the back and forth between Israeli and Iranianian-aligned hackers.
Predatory Sparrow: Who are the hackers who say they started a fire in Iran?
Experts are asking who is behind Predatory Sparrow, the group which says it started a fire in an Iranian factory.
Hacktivists claiming attack on Iranian steel facilities dump tranche of 'top secret documents
Incident just the latest iteration of the back and forth between Israeli and Iranianian-aligned hackers.
Predatory Sparrow: Who are the hackers who say they started a fire in Iran?
Experts are asking who is behind Predatory Sparrow, the group which says it started a fire in an Iranian factory.
Hacktivists claiming attack on Iranian steel facilities dump tranche of 'top secret documents
Incident just the latest iteration of the back and forth between Israeli and Iranianian-aligned hackers.
Predatory Sparrow: Who are the hackers who say they started a fire in Iran?
Experts are asking who is behind Predatory Sparrow, the group which says it started a fire in an Iranian factory.
Hacktivists claiming attack on Iranian steel facilities dump tranche of 'top secret documents
Incident just the latest iteration of the back and forth between Israeli and Iranianian-aligned hackers.
Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester
From mid-June through mid-July 2022, CISA conducted an incident response engagement at a Federal Civilian Executive Branch (FCEB) organization where CISA observed suspected advanced persistent threat (APT) activity. In the course of incident response activities, CISA determined that cyber threat actors exploited the Log4Shell vulnerability in an unpatched VMware Horizon server, installed XMRig crypto mining software, moved laterally to the domain controller (DC), compromised credentials, and then implanted Ngrok reverse proxies on several hosts to maintain persistence.
Domestic Kitten campaign spying on Iranian citizens with new FurBall malware
ESET researchers recently identified a new version of the Android malware FurBall being used in a Domestic Kitten campaign conducted by the APT-C-50 group. The Domestic Kitten campaign is known to conduct mobile surveillance operations against Iranian citizens and this new FurBall version is no different in its targeting. Since June 2021, it has been distributed as a translation app via a copycat of an Iranian website that provides translated articles, journals, and books. The malicious app was uploaded to VirusTotal where it triggered one of our YARA rules (used to classify and identify malware samples), which gave us the opportunity to analyze it.
Iranian State Actors Conduct Cyber Operations Against the Government of Albania
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory to provide information on recent cyber operations against the Government of Albania in July and September. This advisory provides a timeline of activity observed, from initial access to execution of encryption and wiper attacks. Additional information concerning files used by the actors during their exploitation of and cyber attack against the victim organization is provided in Appendices A and B.
Charming Kitten: “Can We Have A Meeting?”
Our recent investigation at Certfa Lab, the APT42 has been running multiple phishing campaigns since late 2021 and some of them are ongoing and still active.
Likely Iranian Threat Actor Conducts Politically Motivated Disruptive Activity Against Albanian Government Organizations
Mandiant attributes the ransomware attack against the Albanian government network in July of 2022 to an Iranian threat actor.
Microsoft investigates Iranian attacks against the Albanian government
Shortly after the destructive cyberattacks on the Albanian government in mid-July, the Microsoft Detection and Response Team (DART) was engaged to lead an investigation into the attacks.
L'Albanie accuse l'Iran d'une cyberattaque qui a paralysé ses services publics
L'Albanie a décidé de rompre ses relations diplomatiques avec l'Iran, a annoncé le Premier ministre albanais Edi Rama dans une allocution télévisée le 7 septembre. Il l'accuse d'avoir engagé "quatre groupes pour monter une cyberattaque" qui a paralysé les services gouvernementaux le 15 juillet dernier.
Predatory Sparrow: Who are the hackers who say they started a fire in Iran?
Experts are asking who is behind Predatory Sparrow, the group which says it started a fire in an Iranian factory.
Hacktivists claiming attack on Iranian steel facilities dump tranche of 'top secret documents
Incident just the latest iteration of the back and forth between Israeli and Iranianian-aligned hackers.
Iranian hackers leak info of over 300,000 Israelis from tourism sites
Iranian hacker group Sharp Boys obtained personal data from over 20 Israeli tourism sites.
Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester
From mid-June through mid-July 2022, CISA conducted an incident response engagement at a Federal Civilian Executive Branch (FCEB) organization where CISA observed suspected advanced persistent threat (APT) activity. In the course of incident response activities, CISA determined that cyber threat actors exploited the Log4Shell vulnerability in an unpatched VMware Horizon server, installed XMRig crypto mining software, moved laterally to the domain controller (DC), compromised credentials, and then implanted Ngrok reverse proxies on several hosts to maintain persistence.
Domestic Kitten campaign spying on Iranian citizens with new FurBall malware
ESET researchers recently identified a new version of the Android malware FurBall being used in a Domestic Kitten campaign conducted by the APT-C-50 group. The Domestic Kitten campaign is known to conduct mobile surveillance operations against Iranian citizens and this new FurBall version is no different in its targeting. Since June 2021, it has been distributed as a translation app via a copycat of an Iranian website that provides translated articles, journals, and books. The malicious app was uploaded to VirusTotal where it triggered one of our YARA rules (used to classify and identify malware samples), which gave us the opportunity to analyze it.
Iranian State Actors Conduct Cyber Operations Against the Government of Albania
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory to provide information on recent cyber operations against the Government of Albania in July and September. This advisory provides a timeline of activity observed, from initial access to execution of encryption and wiper attacks. Additional information concerning files used by the actors during their exploitation of and cyber attack against the victim organization is provided in Appendices A and B.
Charming Kitten: “Can We Have A Meeting?”
Our recent investigation at Certfa Lab, the APT42 has been running multiple phishing campaigns since late 2021 and some of them are ongoing and still active.
Likely Iranian Threat Actor Conducts Politically Motivated Disruptive Activity Against Albanian Government Organizations
Mandiant attributes the ransomware attack against the Albanian government network in July of 2022 to an Iranian threat actor.
Microsoft investigates Iranian attacks against the Albanian government
Shortly after the destructive cyberattacks on the Albanian government in mid-July, the Microsoft Detection and Response Team (DART) was engaged to lead an investigation into the attacks.