An Iranian espionage infrastructure operating against Israel has been exposed
Defensive cyber company Cybereason has uncovered a sophisticated spyware infrastructure attributed to an Iranian attack group.
The group has worked to spy on and steal sensitive information from various targets in Israel and throughout the Middle East, as well as in the United States, Russia and Europe.
Walla!
Of money
Wednesday, 06 October 2021, 11:16 Updated: 13:01
Following an investigation that lasted several months, the Cybereason research team uncovered a wide-ranging attack campaign attributed to an Iranian attack group known as MalKamak.
The investigation shows that the group has been operating under the radar since 2018 and has not been revealed to date.
The attackers acted covertly and meticulously, seeking to penetrate strategic targets, particularly among companies and organizations engaged in data communications, aerial technologies and space exploration.
During the attack campaign, the attackers used a Remote Access Trojan (RAT) known as ShellClient, which has not been documented at all to date and has developed significantly over the years.
Dropbox - The popular platform used by the Iranians to disguise malware as legitimate network traffic (Photo: ShutterStock)
The attacked organizations received a real-time alert
The attackers took advantage of the widespread use of the popular Dropbox platform (which offers free cloud storage services and is, of course, not related to espionage or Iran) to control the malware remotely under the guise of legitimate network traffic.
By doing so, the attackers scanned the internal networks and stole information without being exposed by antivirus software or other means of protection.
Cybereason said it had updated the affected organizations and relevant security officials about the attack, but the actual damage caused has not yet been clarified.
Lior Div, CEO and founder of Cybereason: "A solution that documents behavioral analysis" (Photo: Cybereason)
The attack - just part of an Iranian intelligence campaign
"In recent months, Cybereason's research team has uncovered a series of espionage infrastructures in various countries, all of which have attacked and even exploited existing defense systems to their advantage," stated Lior Div, CEO and founder of Cybereason. "The deployment of multiple protection systems which generate a large number of alarms will not help stop sophisticated attacks. The Cybereason solution that identified this attack relies on behavioral analysis and provides a complete, real-time, focused picture.
During the handling of the incident and after installing our technology on the organization's computers, we identified sophisticated new malware that has not yet been seen or documented.
An in-depth investigation by the team indicated that the attack was in fact one part of an entire Iranian intelligence campaign, which has been conducted secretly and under the radar for the past three years," he said.
"From the findings of the study, and from the few traces left behind by the attackers, it is clear that they acted thoroughly and selected their victims carefully. This is a sophisticated Iranian attacker who acted professionally according to a considered and calculated strategy. Israel and may even pose a real threat," added Assaf Dahan, head of the cyber threat research group at Cybereason.
Assaf Dahan, head of the Cyber Threat Research Group: "The attackers acted thoroughly and selected their victims carefully" (Photo: Cybereason)
Cybereason is a defensive cyber company that protects endpoints in organizations and aims to identify, prevent and neutralize cyber attacks (NGAV, EDR, XDR). The company was founded in 2012 by three entrepreneurs, Lior Div, Yossi Naar and Yonatan Striem-Amit, and currently employs more than 1,000 workers worldwide, with offices in Tokyo, Singapore, London, Boston and Tel Aviv.
Cybereason developed a sophisticated system that collects information from all of the organization's endpoints (computers, servers, phones, etc.) and analyzes their activity. With the vast amount of information collected in real time, the product detects malicious behaviors and presents the chain of events through a simple and intuitive interface.
The platform enables organizations to continuously monitor the various systems in the organization, as well as identify, investigate, isolate and stop real-time attacks.
In addition to the company's products, Cybereason also offers ancillary services (24x7) that help customers manage the software and analyze and stop attacks, as well as cyber insurance of up to $1 million in the event of an attack.
The company operates in more than 50 countries around the world and its customers include the world's leading companies from a variety of fields including banks, international financial corporations, pharmaceutical manufacturers, software and IT services companies, food companies, retail and more.