Researchers at Rapid7 say that they have spotted what they believe was an Iranian intelligence cyber unit masquerading as the Chaos ransomware gang to hide a state-sponsored espionage operation.
The intrusion was spotted earlier this year, and investigators say breadcrumbs left behind give them “medium confidence” in saying it was the work of MuddyWater, which has been linked to intrusions affecting Western government and banking networks in recent months. Attackers began with a Microsoft Teams phishing campaign, which is not uncommon. They also encouraged targets to share their screens. Again, it was nothing too out of the ordinary.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- New Variant of Shamoon Malware Uploaded to VirusTotal
December 12, 2018
A new variant of the destructive Shamoon malware was uploaded to VirusTotal this week, but security researchers haven’t linked it to a specific attack yet. Also referred to as DistTrack, the sophisticated malware was initially observed in attacks against Saudi Arabian and other oil companies in 2012, when it destroyed data on over 30,000 systems. An updated ...
- Large Organizations Face Up to Several Million Targeted Bot Attacks per Day
December 12, 2018
According to an Osterman Research report, 211 large organizations with a mean of 16,822 employees have reported that during most weeks they experienced an average of 3,700 bot attacks targeting Internet exposed web apps. Bot attacks (also known as botnet attacks) make use of large numbers of connected computers to try and take down entire networks, websites, ...
- Poking the Bear: Three-Year Campaign Targets Russian Critical Infrastructure
December 11, 2018
Nation-state conflict has come to dominate many of the policy discussions and much of the strategic thinking about cybersecurity. When events of geopolitical significance hit the papers, researchers look for parallel signs of sub rosa cyber activity carried out by state-sponsored threat actors—espionage, sabotage, coercion, information operations—to complete the picture. After all, behind every story may lurk ...
- DarkVishnya: Banks attacked through direct connection to local network
December 6, 2018
While novice attackers, imitating the protagonists of the U.S. drama Mr. Robot, leave USB flash drives lying around parking lots in the hope that an employee from the target company picks one up and plugs it in at the workplace, more experienced cybercriminals prefer not to rely on chance. In 2017-2018, Kaspersky Lab specialists were invited to research ...
- IoT Botnets Behind 78% of Malware Network Events in 2018 According to Report
December 6, 2018
Internet of things (IoT) botnet activity during 2018 was behind roughly 78% of all network malware events detected by the NetGuard Endpoint Security solution deployed on more than 150 million devices according to a report by the Nokia Threat Intelligence Lab. The Nokia Threat Intelligence Report 2019 report was also performed using multiple malware sandboxes and honeypots, on both ...
- ESET discovers 21 new Linux malware families
December 6, 2018
Although Linux is a much more secure operating system compared to the more widely used Windows, it is not impervious to misconfigurations and malware infections. Over the past decade, the number of malware families targeting Linux has grown, but the total number of threats is still orders of magnitude under the malware numbers reported attacking Windows systems. This smaller ...