The United States cyber army carried out a cyberattack in June on a database used by Iran’s Islamic Revolutionary Guard Corps to plot attacks on oil tankers in the Gulf. The New York Times revealed that the US carried out a cyberattack in June on a database used by Iran’s Islamic Revolutionary Guard Corps to […]
Security researcher Marco Ramilli presents a comparative analysis of attacks techniques adopted by the Iran-Linked OilRig APT group. Today Iâd like to share a comparative analysis of OilRig techniques mutation over time. In particular I will refer to great analyses made by Paloalto UNIT 42 plus my own ones (HERE, HERE, HERE, etc..) and more personal thoughts. I would define this group […]
The Iran-linked cyberespionage group APT33 has updated its infrastructure after the publication of a report detailing its activities. In March, Symantec published a report detailing the activities of Iran-linked cyberespionage group APT33 that was targeting organizations in Saudi Arabia and the United States. The APT33 group has been around since at least 2013, since mid-2016, the […]
After media reported a cyber offensive launched by the US against Iran, Teheran announced that alleged cyber attack against its infrastructure has ever succeeded. Last week, media reported that the United States has launched a series of cyber attacks on Iran after the Iranian military has downed an American surveillance drone. US President Donald Trump […]
According to security researchers at Trend Micro, a cyberespionage campaign is targeting Android users in Middle Eastern countries. Security researchers at Trend Micro have spotted a cyberespionage campaign, dubbed ‘Bouncing Golf, that is targeting Android users in Middle Eastern countries. Threat actors are using a piece of malware detected as GolfSpy, that implements multiple features […]
A few hours ago, a new email hacking tool dubbed Jason and associated with the OilRig APT group was leaked through the same Telegram channel used to leak other tools. A new email hacking tool associated with the Iran-linked OilRig APT group was leaked through the same Telegram channel that in April leaked the source […]
Iran-linked OilRig cyberespionage group is using the reconnaissance malware Karkoff along with DNSpionage in recent campaigns.Iran-linked OilRig cyberespione group is using the reconnaissance malware Karkoff along with DNSpionage in recent campaigns. The OilRig APT group, the threat actor behind the DNSpionage malware campaign, is carrying out a new sophisticated and targeted operation that infects victims […]
Security expert Marco Ramilli published the findings of a quick analysis of the webmask project standing behind the DNS attacks implemented by APT34 (aka OilRig and HelixKitten). Thanks to the leaked source code it is now possible to check APT34 implementations and techniques. Contest: Since at least 2014, an Iranian threat group tracked by FireEye as APT34 has […]
Microsoft this week announced that it had taken control of 99 domains used by an Iran-linked APT group tracked by the company as Phosphorus. Microsoft has recently announced that it had taken control of 99 domains used by an Iran-linked APT group tracked by the tech giant as Phosphorus (aka APT35, Charming Kitten, NewsBeef, Newscaster […]
Israeli media reported this week that the Shin Bet internal security service warned Benny Gantz that Iranian cyber spies hacked his cellphone exposing his personal data. Iranian hackers targeted the campaign of the former Israeli military chief Benny Gantz who is a leading challenger to Prime Minister Netanyahu in next elections. According to the Israeli […]