New hacking group ‘Metador’ lurking in ISP networks for months

A previously unknown threat actor that researchers have named ‘Metador’ has been breaching telecommunications, internet services providers (ISPs), and universities for about two years. Metador targets organizations in the Middle East and Africa and their purpose appears to be long-term Read More …

Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks

The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the U.S. Cyber Command Cyber National Mission Force (CNMF), and the United Kingdom’s National Cyber Security Centre (NCSC-UK) have observed a group of Iranian government-sponsored advanced persistent Read More …

Iranian APT MuddyWater targets Turkish users via malicious PDFs, executables

MuddyWater has conducted various campaigns against entities spread throughout the U.S.A, Europe, Middle East and South Asia. A typical TTP employed by the group is the heavy use of scripting in their infection chains using languages like PowerShell and Visual Read More …

Iranian intel cyber suite of malware uses open source tools

FORT MEADE, Md. – To better enable defense against malicious cyber actors, U.S. Cyber Command’s Cyber National Mission Force has identified and disclosed multiple open-source tools that Iranian intelligence actors are using in networks around the world. These actors, known Read More …

Suspected Iranian hackers target airline with new backdoor

A suspected, state-sponsored Iranian threat group has attacked an airline with a never-before-seen backdoor. On Wednesday, cybersecurity researchers from IBM Security X-Force said an Asian airline was the subject of the attack, which likely began in October 2019 until 2021. Read More …

Espionage Campaign Targets Telecoms Organizations across Middle East and Asia

Attackers most likely linked to Iran have attacked a string of telecoms operators in the Middle East and Asia over the past six months, in addition to a number of IT services organizations and a utility company. Organizations in Israel, Read More …

WIRTE’s campaign in the Middle East ‘living off the land’ since at least 2019

This February, during our hunting efforts for threat actors using VBS/VBA implants, Kaspersky researchers came across MS Excel droppers that use hidden spreadsheets and VBA macros to drop their first stage implant. The implant itself is a VBS script with Read More …

Iranian state hacker group linked to ransomware deployments

Security researchers said they found clues linking recent attacks with the Thanos ransomware to a group of Iranian state-sponsored hackers. While investigating security incidents at several Israeli prominent organizations, security researchers from ClearSky and Profero said they linked the intrusions Read More …

ZeroLogon: Ransomware gang now using critical Windows flaw in attacks

Microsoft is warning that cybercriminals have started to incorporate exploit code for the ZeroLogon vulnerability in their attacks. The alert comes after the company noticed ongoing attacks from cyber-espionage group MuddyWater (SeedWorm) in the second half of September. This time, Read More …

MuddyWater Resurfaces, Uses Multi-Stage Backdoor POWERSTATS V3 and New Post-Exploitation Tools

We found new campaigns that appear to wear the badge of MuddyWater. Analysis of these campaigns revealed the use of new tools and payloads, which indicates that the well-known threat actor group is continuously developing their schemes. We also unearthed Read More …