Iranian Phishing Campaign Targets Israel-Hamas War Experts

Iran-linked threat actors are targeting high-profile researchers working on the Israel-Hamas conflict via a sophisticated social engineering campaign, according to Microsoft Threat Intelligence.
The threat actor Mint Sandstorm, which has ties to Iranian military intelligence, is using bespoke phishing lures to entice targets into downloading malicious files, with the aim of stealing sensitive data.
The ongoing campaign, which was first spotted in November 2023, is targeting experts deemed to have the potential to influence intelligence and policies in areas of interest to the Islamic Republic of Iran.
Microsoft believe this campaign could be designed to gather different perspectives on the Israel-Hamas conflict from individuals across the ideological spectrum.
The targets primarily work at universities and research organizations in Belgium, France, Gaza, Israel, the UK and US. How Mint Sandstorm is Targeting Middle East Experts.
Microsoft said it has observed new tactics, techniques and procedures being utilized by Mint Sandstorm in this campaign, including the use of legitimate but compromised email accounts to send phishing lures.
Initially, the threat actor emails the target pretending to be a high-profile individual, such as a journalist at a reputable news outlet requesting input for an article about the Israel-Hamas war.
In others, legitimate but compromised email accounts belonging to the impersonated individual are used.
The first message is benign and contains no malicious content, with the aim of building trust with the victim, according to Microsoft's Threat Intelligence Team.
The use of legitimate email accounts likely bolsters Mint Sandstorm's credibility.
If the target agrees to review an article or document referenced in the initial email, the Iran-linked attackers follow up with an email containing a link to a malicious domain.
These domains host a RAR archive file purporting to contain the draft document.
Decompresses into a double extension file with the same name.
When this file is opened, it runs a curl command to retrieve a series of malicious files from subdomains owned by Mint Sandstorm, glitch[.
Multiple malicious file types are downloaded to targets' devices in this campaign, Microsoft said.
A new custom backdoor, MediaPI, has been observed sending encrypted communications to Mint Sandstorm's command-and-control.
This file masquerades as the legitimate Windows Media Player application.
Communications to and from MediaPl's C2 server are AES CBC encrypted and Base64 encoded, and the file is able to terminate itself.
Attackers were also observed writing activity from victims' devices to a series of text files, including one named documentLoger.
The Microsoft team emphasized the sophisticated nature of the campaign, which makes it difficult for victims to detect.


This Cyber News was published on www.infosecurity-magazine.com. Publication date: Thu, 18 Jan 2024 15:35:08 +0000


Cyber News related to Iranian Phishing Campaign Targets Israel-Hamas War Experts

Iran Ramps Up Cyberattacks on Israel Amid Hamas Conflict: Microsoft - In the context of the Israel-Hamas conflict, Iran's offensive operations against Israel were initially reactive and chaotic, but quickly ramped up and expanded in scope, Microsoft says. Immediately after October 7, Iranian threat actors were seen ...
10 months ago Securityweek.com
Iranian Phishing Campaign Targets Israel-Hamas War Experts - Iran-linked threat actors are targeting high-profile researchers working on the Israel-Hamas conflict via a sophisticated social engineering campaign, according to Microsoft Threat Intelligence. The threat actor Mint Sandstorm, which has ties to ...
11 months ago Infosecurity-magazine.com
The Dangerous Mystery of Hamas' Missing 'Suicide Drones' - Faced with the looming possibility that Hamas could leverage some of the same techniques, Israel began running drills, practicing with fighter jets to intercept UAVs. In February 2014, it announced a prototype of a new air defense system: The "Iron ...
1 year ago Wired.com
Israel Battles Spike in Wartime Hacktivist, OT Cyberattacks - For Israel, 2023 will be remembered as the beginning of the war in Gaza after the devastating Hamas terror attacks on Oct. 7. The conflict spread to the cyber realm, with hacktivists on both sides declaring their intentions to conduct cyberattacks. ...
11 months ago Darkreading.com
Check Point Research Report: Shift in Cyber Warfare Tactics - Highlights: Shift in Cyber Warfare Focus: Recent developments in cyber warfare reveal a shift in the activities of Iranian hacktivist proxies. Initially concentrated on Israel, these groups are now extending their cyber operations to include targets ...
1 year ago Blog.checkpoint.com
Hamas Cyberattacks Ceased After the Oct. 7 Terror Attack. But Why? - Cyber threat actors linked with Hamas have seemingly ceased activity ever since the terrorist attack in Israel on Oct. 7, confounding experts. Russia's invasion of Ukraine - preceded and supported by historic waves of cyber destruction, espionage, ...
10 months ago Darkreading.com
Spear Phishing vs Phishing: What Are The Main Differences? - Almost half of them used phishing to obtain the passwords of users. Highly targeted phishing campaigns against specific individuals or types of individuals are known as spear phishing. It's important to be able to spot phishing in general. For ...
10 months ago Techrepublic.com
Iran-Israel Cyber War Goes Global - Iran's cyber conflict with Israel has reached global proportions, with cyberattacks against businesses and government agencies on other continents causing arguably as much ruckus as those in Israel itself. While US military bases and international ...
10 months ago Darkreading.com
What SOCs Need to Know About Water Dybbuk - According to the Federal Bureau of Investigation, BEC costs victims more money than ransomware, with an estimated US$2.4 billion being lost to BEC in the US in 2021. Recently, BEC scammers have been using stolen accounts from legitimate Simple Mail ...
1 year ago Trendmicro.com
Cybercriminals expand targeting of Iranian bank customers with known mobile malware - Researchers have uncovered more than 200 fake mobile apps that mimic major Iranian banks to steal information from their customers. The campaign was first discovered in July of this year, but since then, the cybercriminals have expanded their ...
1 year ago Therecord.media
Anti-Hezbollah Groups Hack Beirut Airport Screens - Beirut's international airport faced a cyber-attack on Sunday, reportedly orchestrated by domestic anti-Hezbollah groups. The attack comes amid escalating tensions between Hezbollah and the Israeli military. According to a press release published on ...
11 months ago Infosecurity-magazine.com
Iran-Linked Imperial Kitten Cyber Group Targeting Middle East's Tech Sectors - A group with links to Iran targeted transportation, logistics, and technology sectors in the Middle East, including Israel, in October 2023 amid a surge in Iranian cyber activity since the onset of the Israel-Hamas war. The attacks have been ...
1 year ago Thehackernews.com
Russian Cyberattackers Launch Multiphase PsyOps Campaign - Russia-linked threat actors employed both PysOps and spear-phishing to target users over several months at the end of 2023 in a multiwave campaign aimed at spreading misinformation in Ukraine and stealing Microsoft 365 credentials across Europe. The ...
9 months ago Darkreading.com
Pro-Palestinian operation claims dozens of data breaches against Israeli firms - Pro-Palestinian hackers say they breached dozens of Israeli entities amid the ongoing war in Gaza, which has also extended into cyberspace. A group calling itself Cyber Toufan said it launched an operation against Israel at the end of November, ...
11 months ago Therecord.media
Lebanon Airport Screens Display Anti-Hezbollah Message After Being Hacked - The information display screens at Beirut's international airport were hacked by domestic anti-Hezbollah groups Sunday, as clashes between the Lebanese militant group and the Israeli military continue to intensify along the border. Departure and ...
11 months ago Securityweek.com
ICS at Multiple US Water Facilities Targeted by Hackers Affiliated With Iranian Government - The hackers behind recent cyberattacks targeting industrial control systems at water facilities in the US are affiliated with the Iranian government, according to security agencies in the United States and Israel. The FBI, CISA, the NSA, the EPA and ...
1 year ago Securityweek.com
Breaches by Iran-Affiliated Hackers Spanned Multiple U.S. States, Federal Agencies Say - A small western Pennsylvania water authority was just one of multiple organizations breached in the United States by Iran-affiliated hackers who targeted a specific industrial control device because it is Israeli-made, U.S. and Israeli authorities ...
1 year ago Securityweek.com
Microsoft: Iranian hackers target researchers with new MediaPl malware - Microsoft says that a group of Iranian-backed state hackers are targeting high-profile employees of research organizations and universities across Europe and the United States in spearphishing attacks pushing new backdoor malware. The attackers, a ...
11 months ago Bleepingcomputer.com
New BiBi-Windows Wiper Targets Windows Systems in Pro-Hamas Attacks - Cybersecurity researchers have warned about a Windows version of a wiper malware that was previously observed targeting Linux systems in cyber attacks aimed at Israel. Dubbed BiBi-Windows Wiper by BlackBerry, the wiper is the Windows counterpart of ...
1 year ago Thehackernews.com
How Israel Is Defending Against Iran's Drone Attack - On Saturday, Iran launched more than 200 drones and cruise missiles at Israel. As the drones made their way across the Middle East en route to their target, Israel has invoked a number of defense systems to impede their progress. The Iron Dome, ...
8 months ago Wired.com
Congressmen Ask DOJ to Investigate Water Utility Hack, Warning It Could Happen Anywhere - Three members of Congress have asked the U.S. Justice Department to investigate how foreign hackers breached a water authority near Pittsburgh, prompting the nation's top cyberdefense agency to warn other water and sewage-treatment utilities that ...
1 year ago Securityweek.com
Flipping the BEC funnel: Phishing in the age of GenAI - For years, phishing was just a numbers game: A malicious actor would slap together an extremely generic email and fire it out to thousands of recipients in the hope that a few might take the bait. Common among these new techniques was a shift towards ...
11 months ago Helpnetsecurity.com
Top White House cyber aide says recent Iran hack on water system is call to tighten cybersecurity - WASHINGTON - A top White House national security official said recent cyber attacks by Iranian hackers on U.S. water authorities - as well as a separate spate of ransomware attacks on the health care industry - should be seen as a call to action by ...
1 year ago Apnews.com
Top White House Cyber Aide Says Recent Iran Hack on Water System Is Call to Tighten Cybersecurity - A top White House national security official said recent cyber attacks by Iranian hackers on US water authorities - as well as a separate spate of ransomware attacks on the health care industry - should be seen as a call to action by utilities and ...
1 year ago Securityweek.com
Fake F5 BIG-IP zero-day warning emails push data wipers - The Israel National Cyber Directorate warns of phishing emails pretending to be F5 BIG-IP zero-day security updates that deploy Windows and Linux data wipers. Israel's National Cyber Directorate acts as the CERT responsible for protecting the country ...
1 year ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)