Latest U.S. Indictments Target Iranian Espionage Actors

The U.S. government has indicted three Iranian nationals on charges related to cyber attacks against aerospace and satellite technology companies. Said Pourkarim Arabi, Mohammad Reza Espargham, and Mohammad Bayati are alleged to have carried out a string of attacks between Read More …

Iran-Backed APTs Collaborate on 3-Year ‘Fox Kitten’ Global Spy Campaign

Two Iran-backed APTs could be working together on a sprawling, three-year campaign to compromise high-value organizations from the IT, telecom, oil and gas, aviation, government and security sectors in Israel and around the world, according to a report by researchers Read More …

European Energy Sector Organization Targeted by PupyRAT Malware in Late 2019

Over the course of the last year, Recorded Future research has demonstrated that Iran-nexus groups, possibly including APT33 (also called Elfin), have been prolific in amassing operational network infrastructure throughout 2019. Additionally, in November 2019, Microsoft disclosed that APT33 had shifted focus from targeting Read More …

More than a Dozen Obfuscated APT33 Botnets Used for Extreme Narrow Targeting

The threat group regularly referred to as APT33 is known to target the oil and aviation industries aggressively. This threat group has been reported on consistently for years, but our recent findings show that the group has been using about a dozen live Command and Control Read More …

APT33 Mounts Focused, Highly Targeted Botnet Attacks Against U.S. Victims

The Iran-linked, espionage-focused advanced threat group known as APT33 has been spotted using more than a dozen obfuscated botnets to carry out narrowly targeted attacks against government and academic targets in the Middle East, the U.S. and Asia. Each botnet, Read More …

‘Twas the night before

Recently, the United States Cyber Command (USCYBERCOM Malware Alert @CNMF_VirusAlert) highlighted several VirusTotal uploads of theirs – and the executable objects relating to 2016 – 2017 NewsBeef/APT33 activity are interesting for a variety of reasons. Before continuing, it’s important to restate yet again that Read More …

Newly Discovered Iranian APT Group Brings State-sponsored Cyber Espionage into Focus

State-sponsored cyber espionage has been rising steadily in recent years. Whether it’s high-profile attacks such as North Korea’s hack of Sony in 2014, China’s alleged hack of the US’s Office of Personnel Management in 2015, or Russia’s alleged hack of the Democratic National Committee in 2016, Read More …

Security experts: Iran-backed hackers targeting U.S. and Saudi Arabia

Cybersecurity firm FireEye has identified a new group of hackers, known as APT33, that it says has been working on behalf of the Iranian government since 2013. The group has “potential destructive capabilities,” FireEye warned. “The campaigns that were laid Read More …