CyberSecurityBoard
Sponsor Register Login

Iranian Hackers Breaches Critical National Infrastructure With multiple Webshells & Backdoors

A sophisticated cyber intrusion targeting critical national infrastructure in the Middle East has been uncovered, with evidence pointing to an Iranian state-sponsored threat group. The adversaries employed a chain of open-source proxying tools-including plink, Ngrok, glider proxy, and ReverseSocks5-to traverse security boundaries and penetrate deeper into restricted network segments, including those potentially connected to operational technology (OT) environments. These tools demonstrate the evolving capability set of Iranian cyber operators and highlight the continued threat to critical infrastructure globally. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. Fortinet researchers identified particularly concerning efforts by the attackers to bypass network segmentation, a security measure specifically designed to prevent such lateral movement. From these initial access points, the attackers methodically expanded their presence, installing sophisticated backdoors including Havoc, HanifNet, HXLibrary, and NeoExpressRAT. These tools enabled comprehensive command execution, file operations, and critical system discovery capabilities across the compromised infrastructure. The attackers also employed HXLibrary, a malicious IIS module providing deep system control, and NeoExpressRAT, a Golang-based backdoor with hardcoded C2 communication capabilities. Tushar is a Cyber security content editor with a passion for creating captivating and informative content. The HanifNet backdoor represents a sophisticated .NET-based tool designed for maintaining persistent access to compromised systems. Initial investigation reveals signs of compromise dating back as early as May 2021, indicating a long-term strategic operation designed for intelligence gathering and potential prepositioning for future attacks. The threat actors initially gained access through compromised VPN credentials, subsequently deploying multiple web shells on public-facing servers to establish footholds within the victim’s environment. Its communication with command and control infrastructure was carefully obfuscated to evade traditional security monitoring.

This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 05 May 2025 13:00:04 +0000


Cyber News related to Iranian Hackers Breaches Critical National Infrastructure With multiple Webshells & Backdoors

Detecting And Investigating Webshells In Compromised CMS Environments - By understanding their attack vectors, employing advanced detection techniques, and following a structured investigation and remediation process, organizations can effectively defend against these persistent backdoors and maintain the integrity and ...
2 weeks ago Cybersecuritynews.com
A Plan to Protect Critical Infrastructure from 21st Century Threats - On April 30th, the White House released National Security Memorandum-22 on Critical Infrastructure Security and Resilience, which updates national policy on how the U.S. government protects and secures critical infrastructure from cyber and ...
11 months ago Cisa.gov
CVE-2021-36845 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in YITH Maintenance Mode (WordPress plugin) versions < 1.3.8, there are 46 vulnerable parameters that were missed by the vendor while patching the 1.3.7 version to 1.3.8. ...
3 years ago
Critical insights into Australia's supply chain risk landscape - Australian organizations find themselves navigating a minefield of supply chain risks, with a surge in incidents stemming from multi-party breaches. These breaches are often caused by vulnerabilities in cloud or software providers and are emerging as ...
1 year ago Tripwire.com
Iranian Hackers Breaches Critical National Infrastructure With multiple Webshells & Backdoors - A sophisticated cyber intrusion targeting critical national infrastructure in the Middle East has been uncovered, with evidence pointing to an Iranian state-sponsored threat group. The adversaries employed a chain of open-source proxying ...
2 weeks ago Cybersecuritynews.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
Microsoft: Iranian hackers target researchers with new MediaPl malware - Microsoft says that a group of Iranian-backed state hackers are targeting high-profile employees of research organizations and universities across Europe and the United States in spearphishing attacks pushing new backdoor malware. The attackers, a ...
1 year ago Bleepingcomputer.com APT3 APT33
Strategy, Harmony & Research: Triaging Priorities for OT Cybersecurity - The mission of the Cybersecurity and Infrastructure Security Agency is to lead the national effort to understand, manage, and reduce risk to the cyber and physical infrastructure that Americans rely on every hour of every day. CISA is not responsible ...
1 year ago Darkreading.com
Check Point Research Report: Shift in Cyber Warfare Tactics - Highlights: Shift in Cyber Warfare Focus: Recent developments in cyber warfare reveal a shift in the activities of Iranian hacktivist proxies. Initially concentrated on Israel, these groups are now extending their cyber operations to include targets ...
1 year ago Blog.checkpoint.com
Opening Statement by CISA Director Jen Easterly - Chairman Gallagher, Ranking Member Krishnamoorthi, Members of the Committee, thank you for the opportunity to testify on CISA's efforts to protect the Nation from the preeminent cyber threat posed by the People's Republic of China. As America's ...
1 year ago Cisa.gov
US Authorities Identify Iranian Connection in Recent Cybersecurity Breaches - It has been announced that six Iranian officials have been sanctioned by the U.S. Department of Treasury's Office of Foreign Assets Control, the Iranian government organization responsible for the series of malicious cyber activities directed against ...
1 year ago Cysecurity.news
What CIRCIA Means for Critical Infrastructure Providers and How Breach and Attack Simulation Can Help - Cyber Defense Magazine - To prepare themselves for future attacks, organizations can utilize BAS to simulate real-world attacks against their security ecosystem, recreating attack scenarios specific to their critical infrastructure sector and function within that sector, ...
7 months ago Cyberdefensemagazine.com Akira
The Unlikely Romance of Hackers and Government Suitors - The annual Hack the Capitol event brings together a diverse group of scientists, hackers, and policymakers to educate congressional staffers, scholars, and the press about the most critical cybersecurity challenges facing our nation. Hack the Capitol ...
1 year ago Darkreading.com
ICS at Multiple US Water Facilities Targeted by Hackers Affiliated With Iranian Government - The hackers behind recent cyberattacks targeting industrial control systems at water facilities in the US are affiliated with the Iranian government, according to security agencies in the United States and Israel. The FBI, CISA, the NSA, the EPA and ...
1 year ago Securityweek.com
Cybersecurity Crisis Looms: FBI Chief Unveils Chinese Hackers' Plan to Target US Infrastructure - As the head of the FBI pointed out Wednesday, Beijing was positioning itself to disrupt the daily lives of Americans if there was ever a war between the United States and China if it were to plant malware to damage civilian infrastructure. U.S. ...
1 year ago Cysecurity.news Volt Typhoon
Threat Actors Attacking Critical National Infrastructure With New Malware and Infrastructure - A sophisticated cyber intrusion targeting critical national infrastructure (CNI) in the Middle East has been uncovered, revealing a long-term espionage operation attributed to an Iranian state-sponsored threat group. They systematically moved through ...
2 weeks ago Cybersecuritynews.com
Data Breaches in US Schools Exposed 37.6M Records - Since 2005, educational institutions in the United States have experienced 3713 data breaches, impacting over 37.6m records. According to new data by Comparitech, 2023 marked a record year, with 954 breaches recorded - a dramatic rise from 139 in ...
1 year ago Infosecurity-magazine.com
Cybercriminals expand targeting of Iranian bank customers with known mobile malware - Researchers have uncovered more than 200 fake mobile apps that mimic major Iranian banks to steal information from their customers. The campaign was first discovered in July of this year, but since then, the cybercriminals have expanded their ...
1 year ago Therecord.media
Critical infrastructure in the crosshairs: Examining the threats facing service providers in the U.S. - Critical infrastructure is facing a wave of cyberattacks, posing a severe threat to essential services across the United States and globally. The scale and frequency of these attacks have elevated defending infrastructure to a national priority, as ...
1 year ago Cybersecurity-insiders.com
Critical infrastructure in the crosshairs: Examining the threats facing service providers in the U.S. - Critical infrastructure is facing a wave of cyberattacks, posing a severe threat to essential services across the United States and globally. The scale and frequency of these attacks have elevated defending infrastructure to a national priority, as ...
1 year ago Cybersecurity-insiders.com
Critical infrastructure in the crosshairs: Examining the threats facing service providers in the U.S. - Critical infrastructure is facing a wave of cyberattacks, posing a severe threat to essential services across the United States and globally. The scale and frequency of these attacks have elevated defending infrastructure to a national priority, as ...
1 year ago Cybersecurity-insiders.com
Critical infrastructure in the crosshairs: Examining the threats facing service providers in the U.S. - Critical infrastructure is facing a wave of cyberattacks, posing a severe threat to essential services across the United States and globally. The scale and frequency of these attacks have elevated defending infrastructure to a national priority, as ...
1 year ago Cybersecurity-insiders.com
Critical infrastructure in the crosshairs: Examining the threats facing service providers in the U.S. - Critical infrastructure is facing a wave of cyberattacks, posing a severe threat to essential services across the United States and globally. The scale and frequency of these attacks have elevated defending infrastructure to a national priority, as ...
1 year ago Cybersecurity-insiders.com
Critical infrastructure in the crosshairs: Examining the threats facing service providers in the U.S. - Critical infrastructure is facing a wave of cyberattacks, posing a severe threat to essential services across the United States and globally. The scale and frequency of these attacks have elevated defending infrastructure to a national priority, as ...
1 year ago Cybersecurity-insiders.com
Critical infrastructure in the crosshairs: Examining the threats facing service providers in the U.S. - Critical infrastructure is facing a wave of cyberattacks, posing a severe threat to essential services across the United States and globally. The scale and frequency of these attacks have elevated defending infrastructure to a national priority, as ...
1 year ago Cybersecurity-insiders.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)