Warning: Undefined variable $comments_html in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 527

Iranian Hackers Attack Telecom Companies Using Custom Tools

The telecommunications companies in Egypt, Sudan, and Tanzania have been the target of the Iranian espionage group Seedworm, which is known as Muddywater.
The attack took place in November 2023, and the attackers used a range of tools, including the recently found and published MuddyC2Go infrastructure by Deep Instinct.
Along with other publicly accessible and living-off-the-land tools, the attackers also use a custom keylogging tool, the SimpleHelp remote access tool, and Venom Proxy, which have been linked to Seedworm activities in the past.
The attacks in this campaign, which targeted one specific telecom company, took place in November 2023.
The initial indications of malicious behavior were certain PowerShell executions connected to the MuddyC2Go backdoor.
The variables at the initial stage of the code seem to be there merely to try and evade detection by security software because they are irrelevant and unutilized.
Immediately following this execution, the attackers used a previously established scheduled task to launch the MuddyC2Go malware.
The attackers employed a few standard instructions associated with the Impacket WMIExec hack tool.
Utilizing the SimpleHelp remote access tool, a connection was made to the C&C server at 146.70.124[.]102. Additional PowerShell stager execution took place concurrently with the attacker running the Revsocks tool.
On the same computer as Revsocks and SimpleHelp, the attackers also used AnyDesk, a second authorized remote access application.
MuddyC2Go-related PowerShell executions also took place on the same system.
It is speculated that the attackers utilized WMI to initiate the SimpleHelp installer on the victim network earlier in 2023.
Although this behavior could not be linked to Seedworm at the time, it seems that the same group of attackers was responsible for the earlier activity.
In another incident, the attackers additionally employed a new custom keylogger, and they also executed a customized build of the Venom Proxy hack tool on this network.
For persistence on victim machines, SimpleHelp, a reliable remote device control and administration application, is used in this activity.
Other tools used in this activity include Revsocks, AnyDesk, PowerShell, and Custom keylogger.
This emphasizes how important it is for businesses to be alert to any unusual PowerShell usage on their networks.

This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 20 Dec 2023 13:40:05 +0000

Cyber News related to Iranian Hackers Attack Telecom Companies Using Custom Tools

Microsoft: Iranian hackers target researchers with new MediaPl malware - Microsoft says that a group of Iranian-backed state hackers are targeting high-profile employees of research organizations and universities across Europe and the United States in spearphishing attacks pushing new backdoor malware. The attackers, a ...
1 year ago Bleepingcomputer.com APT3 APT33

8 Tips on Leveraging AI Tools Without Compromising Security - Forecasts like the Nielsen Norman Group estimating that AI tools may improve an employee's productivity by 66% have companies everywhere wanting to leverage these tools immediately. How can companies employ these powerful AI/ML tools without ...
1 year ago Darkreading.com

HackersEra Launches Telecom Penetration Testing to Eliminate Cyber Threats - Cybercriminals have attacked telecom infrastructure, particularly as it shifts to an IP-based design with the introduction of Long-Term Evolution networks, also referred to as LTE or 4G. Persistent attackers could spy on users' cellular networks and ...
1 year ago Cysecurity.news Inception

FBI seeks help to unmask Salt Typhoon hackers behind telecom breaches - In January, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced sanctions against Sichuan Juxinhe Network Technology, a Chinese cybersecurity firm believed to be directly involved in the Salt Typhoon telecom ...
4 months ago Bleepingcomputer.com

Check Point Research Report: Shift in Cyber Warfare Tactics - Highlights: Shift in Cyber Warfare Focus: Recent developments in cyber warfare reveal a shift in the activities of Iranian hacktivist proxies. Initially concentrated on Israel, these groups are now extending their cyber operations to include targets ...
1 year ago Blog.checkpoint.com

Iranian Hackers Attack Telecom Companies Using Custom Tools - The telecommunications companies in Egypt, Sudan, and Tanzania have been the target of the Iranian espionage group Seedworm, which is known as Muddywater. The attack took place in November 2023, and the attackers used a range of tools, including the ...
1 year ago Cybersecuritynews.com MuddyWater

9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com

The Drive Behind AI Companies Developing Their Own Processors: Safeguarding Data Security - One notable trend gaining traction within the AI industry is the development of custom processors tailored specifically for AI applications. This shift is not solely driven by performance optimization but also by the paramount importance of data ...
1 year ago Cybersecurity-insiders.com

How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
11 months ago Aws.amazon.com

CISA Warns of Iranian Cyber Actors May Attack U.S. Critical Infrastructure - The most concerning aspect of Iranian cyber operations involves their systematic targeting of operational technology networks and industrial control systems across multiple critical infrastructure sectors. When targeting operational technology ...
2 months ago Cybersecuritynews.com

The Dangers of Remote Management & Monitoring Tools for Cybersecurity - Remote monitoring and management (RMM) tools are used by business organizations to manage and monitor their enterprise IT infrastructure from a central location. However, the increasing sophistication of hackers and cybercriminals has caused both ...
2 years ago Csoonline.com

Cybersecurity funding in 2024: Survival of the financially fittest - Attacker tactics, techniques, and procedures always evolve, which means companies will need new cybersecurity tools with improved capabilities. Cybersecurity startups raised massive rounds of funding with sometimes exorbitant valuations. ...
1 year ago Scmagazine.com

Iranian APTs Hackers Actively Attacking Transportation and Manufacturing Sectors - This aggressive campaign has prompted urgent warnings from the Cybersecurity and Infrastructure Security Agency (CISA) and the U.S. Department of Homeland Security, highlighting the critical need for enhanced security measures across industrial and ...
1 month ago Cybersecuritynews.com MuddyWater OilRig APT3 APT33

Cybercriminals expand targeting of Iranian bank customers with known mobile malware - Researchers have uncovered more than 200 fake mobile apps that mimic major Iranian banks to steal information from their customers. The campaign was first discovered in July of this year, but since then, the cybercriminals have expanded their ...
1 year ago Therecord.media