Cybercriminals broke into the systems of 23 leading Iranian insurance firms and SnappFood, Iran's leading online food ordering service, dumping millions of user profiles.
The sample from the insurers' leak included names, phones, identity numbers, addresses, passport numbers, and other sensitive details from the insurance companies including Kowsar, Atieh, Asia, and Alborz.
The dump is said to contain 20 million user profiles, 51 million users' addresses and 600,000 credit card records.
StealC Info-Stealer

Hudson Rock researchers determined that a computer used by a SnappFood employee - most likely a software developer - was recently infected by the StealC info-stealer.
Although unconfirmed as the source of the attack, the malware created a conduit through which sensitive data may have been extracted.
The motives behind the twin attacks remain unclear but circumstantial evidence points towards cyber espionage rather than profit-driven cybercrime, according to Hudson Rock.
That remains unconfirmed and some form of spear phishing attack or other unknown vector may well be to blame.
StealC has featured in malware-spreading campaigns by cybercriminals looking to infect as many computers as possible.
These groups resell any compromised credentials to more experienced threat actors, who specialise in identifying critical credentials and infiltrating organizations to carry out ransomware attacks, other cyberattacks, and account takeovers.
This Cyber News was published on www.darkreading.com. Publication date: Wed, 03 Jan 2024 19:55:15 +0000