News • Insights • Analysis
Researchers at Rapid7 say that they have spotted what they believe was an Iranian intelligence cyber unit masquerading as the Chaos ransomware gang to hide a state-sponsored espionage operation. The intrusion was spotted earlier this year, and investigators say breadcrumbs Read More …
An Iranian-aligned hacking group tracked as ‘MuddyWater’ has dramatically shifted tactics in attacks against Israeli and Egyptian critical infrastructure. Previous campaigns by the group, observed by ESET Research, were characteristically noisy in their tactics, techniques, and procedures (TTPs) making them Read More …
Group-IB Threat Intelligence uncovered a sophisticated phishing campaign orchestrated by the Advanced Persistent Threat (APT) MuddyWater, targeting international organizations worldwide to gather foreign intelligence. MuddyWater accessed the compromised mailbox through NordVPN(a legitimate service abused by the threat actor), and used Read More …
The FortiMail Workspace Security team recently identified a targeted intrusion campaign impacting multiple Israeli organizations. The adversary leveraged compromised internal email infrastructure to distribute phishing messages across the regional business landscape. These emails initiated a multi-stage, PowerShell-based infection chain that Read More …
At its annual Cyber Security Weekend for the Middle East, Turkiye and Africa (META) region, the Kaspersky Global Research and Analysis Team presented cybersecurity trends, including ransomware, advanced persistent threats (APTs), supply chain attacks, mobile threats, artificial intelligence and IoT Read More …
In the second half of 2022, a wave of attacks from an unknown threat actor targeted victims with a new type of attack framework that we dubbed P8. The campaign targeted Vietnamese victims, mostly from the financial sector, with some Read More …
MuddyWater, an Iranian threat group affiliated with the Ministry of Intelligence and Security (MOIS), is known to be active since at least 2017. During the last year, MuddyWater engaged in widespread phishing campaigns targeting the Middle East, with a particular Read More …
Iranian espionage group Seedworm (aka Muddywater) has been targeting organizations operating in the telecommunications sector in Egypt, Sudan, and Tanzania. Seedworm has been active since at least 2017, and has targeted organizations in many countries, though it is most strongly Read More …
Cisco Talos recently discovered a new malware family we’re calling “HTTPSnoop” being deployed against telecommunications providers in the Middle East. HTTPSnoop is a simple, yet effective, backdoor that consists of novel techniques to interface with Windows HTTP kernel drivers and Read More …
A previously unknown threat actor that researchers have named ‘Metador’ has been breaching telecommunications, internet services providers (ISPs), and universities for about two years. Metador targets organizations in the Middle East and Africa and their purpose appears to be long-term Read More …
