Highlights:
·Shift in Cyber Warfare Focus: Recent developments in cyber warfare reveal a shift in the activities of Iranian hacktivist proxies. Initially concentrated on Israel, these groups are now extending their cyber operations to include targets in other countries, with a particular emphasis on the United States.
·Emerging Narrative from Iranian Hacktivist Groups: Analysis shows that at least four Iranian hacktivist groups are now focusing on targeting U.S. entities.
·Strategy of Iranian Affiliated Groups: Groups such as CyberAv3ngers and Cyber Toufan appear to be adopting a narrative of retaliation in their cyberattacks.
The landscape of cyber warfare is evolving, particularly in the context of the recent war between Israel and Hamas.
Iranian hacktivist groups are at the forefront of this change, combining actual cyber successes with repeated and sometimes exaggerated claims.
Notable among the Iranian-affiliated groups are CyberAv3ngers and Cyber Toufan.
Their operations often involve claims of retaliation against U.S. entities for using Israeli technology, reflecting a strategy of dual retaliation.
As tensions in the Middle East continue, the likelihood of ongoing cyberattacks by these groups, particularly against U.S. targets, remains high.
Following are examples of Iran-affiliated groups that are targeting the US:
CyberAv3ngers
An Iranian Government Islamic Revolutionary Guard Corps group, known for intermittent operations primarily targeting Israeli entities.
According to a CISA alert, since at least November 22, 2023, this group has been compromising default credentials in Unitronics devices across victims in multiple U.S. states, with a focus on critical infrastructure organizations.
This group emerged with the recent war, initially targeting Israel before shifting focus to the U.S. This group's activities have included data leaks and website defacements.
Initially focused on Israeli organizations, this group has claimed responsibility for leaking information from various sectors and targeting U.S. companies, allegedly due to their use of Israeli IT infrastructure.
As part of these attacks, the group also claimed to have attacked the U.S. company Berkshire eSupply, again on the alleged grounds that it uses products from Israeli companies as part of its IT infrastructure.
A pro-Iranian group active since 2018 recently claimed attacks on U.S. infrastructure, including pipeline and electrical systems, and allegedly hacked CCTV systems at numerous U.S. airports.
During the last week, the group has accelerated its anti-Western messaging, and on December 2nd, attackers from the group claimed to have hacked CCTV cameras of more than 50 US airports.
Disclaimer: The details regarding the attacks presented in this blog are relayed exactly as reported by the hacktivist groups.
Check Point Research advises organizations to stay alert and maintain a prevention-first approach to cyberattacks.
Ensure Robust Security: Confirm the use of strong, non-default passwords for all PLC and HMI devices to fortify your organization's defense against potential cyber threats.
This Cyber News was published on blog.checkpoint.com. Publication date: Mon, 04 Dec 2023 11:13:06 +0000