CyberSecurityBoard
Sponsor Register Login

Hackers from Iran Gaining Access to Government Systems and Stealing Data Through a Secret Entrance

The Iranian nation-state hacking group known as OilRig has been targeting government organizations in the Middle East as part of a cyber espionage campaign. This campaign uses compromised email accounts to send stolen data to external mail accounts controlled by the attackers. This is the first time OilRig has used this technique, showing that they are continuing to evolve their methods to bypass security. The group has been active since 2014 and is linked to the Iranian Ministry of Intelligence and Security. They have been using a variety of tools in their attacks, including backdoors such as Karkoff, Shark, Marlin, and Saitama. The latest activity involves a .NET-based dropper that delivers four different files, including an implant to exfiltrate data. It also uses a dynamic-link library file to harvest credentials from domain users and local accounts. The stolen credentials are then used to send emails to Gmail and Proton Mail accounts controlled by the attackers. The emails are sent via government Exchange Servers using valid accounts with stolen passwords. The connections to APT34 are due to similarities between the first-stage dropper and Saitama, the victimology patterns, and the use of internet-facing exchange servers as a communication method. The increasing number of malicious tools used by OilRig shows their ability to create new malware based on the targeted environment and the privileges they have. Despite the simplicity of the routine, the novelty of the second and last stages suggests that this could be part of a larger campaign targeting governments.

This Cyber News was published on thehackernews.com. Publication date: Fri, 03 Feb 2023 15:41:03 +0000


Cyber News related to Hackers from Iran Gaining Access to Government Systems and Stealing Data Through a Secret Entrance

What to Do if You Expose a Secret: How to Stay Calm and Respond to an Incident - You probably are here because you leaked a secret somewhere and want to get straight to rotating the secret. If you are a solo developer or you know for sure you are the only user of the secret and understand what rotating the secret might disrupt, ...
1 year ago Feeds.dzone.com
How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
2 months ago Aws.amazon.com
Iran-Israel Cyber War Goes Global - Iran's cyber conflict with Israel has reached global proportions, with cyberattacks against businesses and government agencies on other continents causing arguably as much ruckus as those in Israel itself. While US military bases and international ...
10 months ago Darkreading.com
In Cyberattacks, Iran Shows Signs of Improved Hacking Capabilities - You have a preview view of this article while we are checking your access. When we have confirmed access, the full article content will load. A monthslong hacking campaign targeted the governments of regional rivals, including Israel, and marked a ...
1 year ago Nytimes.com
Iranian 'Seedworm' Cyber Spies Target African Telcos & ISPs - An Iran-backed cyberespionage group is actively targeting telcos in North and East Africa. According to security researchers at Symantec, the latest cyberattacks by the advanced persistent threat it calls Seedworm are targeting ...
1 year ago Darkreading.com
Lawmakers: Ban TikTok to Stop Election Misinformation! Same Lawmakers: Restrict How Government Addresses Election Misinformation! - In a case being heard Monday at the Supreme Court, 45 Washington lawmakers have argued that government communications with social media sites about possible election interference misinformation are illegal. Just this week the vast majority of those ...
9 months ago Eff.org
Iran-linked hackers claim to leak troves of documents from Israeli hospital - A hacker group allegedly linked to Iran claimed to have leaked thousands of medical records from an Israeli hospital, including those of Israeli soldiers. In a cyberattack on Ziv Medical Center in the city of Safed, near the border with Syria and ...
1 year ago Therecord.media
The Unlikely Romance of Hackers and Government Suitors - The annual Hack the Capitol event brings together a diverse group of scientists, hackers, and policymakers to educate congressional staffers, scholars, and the press about the most critical cybersecurity challenges facing our nation. Hack the Capitol ...
1 year ago Darkreading.com
Chinese Hackers Target Iranian Government Entities in Months-long Attack - A months-long attack by Chinese hackers has been targeting Iranian government entities, according to a report by CSO Online. The hackers, named IAMPrime, have been targeting government institutions in Iran since at least July of last year. The ...
1 year ago Csoonline.com
Optimizing Cybersecurity: How Hackers Use Golang Source Code Interpreter to Evade Detection - Hackers have been upping the stakes when it comes to executing cyberattacks, and an increasingly popular tool in their arsenal is the Golang source code interpreter. Reportedly, the interpreter is used to obfuscate code, thus making it harder for ...
1 year ago Bleepingcomputer.com
Hackers from Iran Gaining Access to Government Systems and Stealing Data Through a Secret Entrance - The Iranian nation-state hacking group known as OilRig has been targeting government organizations in the Middle East as part of a cyber espionage campaign. This campaign uses compromised email accounts to send stolen data to external mail accounts ...
1 year ago Thehackernews.com
Ransomware Attacks Strike South Africa, Decline in UAE - Cybercrime - and especially ransomware - traditionally have had an uneven impact across the Middle East and Africa, yet recent data suggests that ongoing geopolitical conflicts will likely raise the overall level of cyberattacks across the regions. ...
1 year ago Darkreading.com
Hacktivists say they shut down Iran's gasoline pumps The Register - Hacktivists reportedly disrupted services at about 70 percent of Iran's gas stations in a politically motivated cyberattack. Iran's oil minister Javad Owji confirmed on Monday the IT systems of the nation's petrol stations had been attacked as ...
1 year ago Go.theregister.com
Hacktivists say they shut down Iran's gasoline pumps The Register - Hacktivists reportedly disrupted services at about 70 percent of Iran's gas stations in a politically motivated cyberattack. Iran's oil minister Javad Owji confirmed on Monday the IT systems of the nation's petrol stations had been attacked as ...
1 year ago Packetstormsecurity.com
How Hackers Interrupted GTA 5 Online Gameplay on PC - Recently, a cyber-attack on Grand Theft Auto 5 Online on PC caused an interruption to thousands of players’ gameplays. The game was completely taken offline and players couldn’t even access the main gameplay menu. The attack caused an uproar ...
1 year ago Hackread.com
Albanian parliament, telecom company hit by cyberattacks - The Albanian parliament and a telecom company operating in the country were targeted by cyberattacks this week, the country's cyber agency said in a statement. Earlier this week, local media reported that during the attack on the parliament, hackers ...
11 months ago Therecord.media
Top White House cyber aide says recent Iran hack on water system is call to tighten cybersecurity - WASHINGTON - A top White House national security official said recent cyber attacks by Iranian hackers on U.S. water authorities - as well as a separate spate of ransomware attacks on the health care industry - should be seen as a call to action by ...
1 year ago Apnews.com
Top White House Cyber Aide Says Recent Iran Hack on Water System Is Call to Tighten Cybersecurity - A top White House national security official said recent cyber attacks by Iranian hackers on US water authorities - as well as a separate spate of ransomware attacks on the health care industry - should be seen as a call to action by utilities and ...
1 year ago Securityweek.com
A Suspected Cyberattack Paralyzes the Majority of Gas Stations Across Iran - Nearly 70% of Iran's gas stations went out of service on Monday following possible sabotage - a reference to cyberattacks, Iranian state TV reported. It urged people not to rush to the stations that were still operational. State TV quoted a statement ...
1 year ago Securityweek.com
What Should We Expect for State and Local Government IT Priorities in 2024? - As we wrap up 2023, it is a great time to reflect on the current state of technology in state and local governments and look ahead to the priorities for the coming year. Maintaining the security of networks and the data they carry continues to be the ...
1 year ago Feedpress.me
The Embedded Systems and The Internet of Things - The Internet of Things is a quite new concept dealing with the devices being connected to each other and communicating through the web environment. This concept is gaining its popularity amongst the embedded systems that exist - let's say - 10 or ...
1 year ago Cyberdefensemagazine.com
Cybersecurity Crisis Looms: FBI Chief Unveils Chinese Hackers' Plan to Target US Infrastructure - As the head of the FBI pointed out Wednesday, Beijing was positioning itself to disrupt the daily lives of Americans if there was ever a war between the United States and China if it were to plant malware to damage civilian infrastructure. U.S. ...
10 months ago Cysecurity.news
Cyberattack on North Carolina county allowed hackers to access data - A cyberattack on a North Carolina county has forced officials to call in the state's national guard for assistance. In a message to residents on Tuesday, Bladen County said it became the victims of a cyberattack last week. The county - tucked in the ...
1 year ago Therecord.media
361 million stolen accounts leaked on Telegram added to HIBP - A massive trove of 361 million email addresses from credentials stolen by password-stealing malware, in credential stuffing attacks, and from data breaches was added to the Have I Been Pwned data breach notification service, allowing anyone to check ...
5 months ago Bleepingcomputer.com
IT and OT cybersecurity: A holistic approach - In comparison, OT refers to the specialized systems that control physical processes and industrial operations. OT Technologies include industrial control systems, SCADA systems and programmable logic controllers that directly control physical ...
11 months ago Securityintelligence.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)