Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label ClearSky. Show all posts

Israeli Chief-of-Staff was Hacked by an Iranian State-Sponsored Cybercriminal

 

According to the Times of Israel, an Iranian cybercriminal targeted the computer of a former IDF chief of staff and acquired access to his complete computer database. Yaser Balaghi was identified as the hacker by Channel 10. After the hack, he allegedly brags about it, while also unwittingly leaving a trail of his identity. Iran was compelled to stop a cyber operation that had targeted 1,800 persons around the world, including Israeli army generals, Persian Gulf human rights campaigners, and academics, due to this oversight. 

After Check Point, an Israeli cybersecurity firm, confirmed the Iranian hacking operation's existence two weeks ago, the Times of Israel was the first to report on it. The information from Check Point was also shown in a Channel 10 report on Tuesday. The attack began two months prior, according to Gil Shwed, CEO of Check Point Software Technologies, who told Israel Radio in late January that targets received email messages aimed at installing malware on their computers. More than a quarter of those who received the emails clicked them, unknowingly downloading spyware and allowing the hackers to steal data from their hard drives. 

Hezbollah and the Iranian regime have attacked Israel multiple times in the last two years. In the previous two years, Israel has been the target of several cyberattacks. Some of the infiltration attempts, according to officials, were carried out by hackers linked to Hezbollah and the Iranian government. 

Late in January, Israel's Electric Authority was the target of a significant cyberattack, according to Energy Minister Yuval Steinitz. He didn't say where the attack was coming from, though. ClearSky, an Israeli cybersecurity firm, said in June that it has detected a continuous wave of cyberattacks emanating from Iran against targets in Israel and the Middle East, with Israeli generals once again being among the targets. The company claims that the goal is espionage or other nation-state goals. 

According to ClearSky, the hackers utilize targeted phishing techniques to gather user identity data by creating phoney websites that appear legitimate and trustworthy. They were successful in penetrating 40 targets in Israel and 500 sites worldwide. Retired generals, employees of security consultancy organizations, and academic experts were among the targets in Israel.

Lebanese Cedar Targeted Telecoms, Hosting’s, ISPs Worldwide

 

A "persistent attacker group" with supposed connections to Hezbollah has retooled its malware arsenal with a new version of a remote access Trojan (RAT) to break into organizations worldwide and extract significant data. In another report published by the ClearSky research group on Thursday, the Israeli cybersecurity firm said it recognized at least 250 public-facing web servers since early 2020 that have been hacked by the threat actors to gather intelligence and take the organization's databases. The coordinated intrusions hit a ton of organizations situated in the U.S., the U.K., Egypt, Jordan, Lebanon, Saudi Arabia, Israel, and the Palestinian Authority, with a majority of the victims representing telecom operators (Etisalat, Mobily, Vodafone Egypt), internet service providers (SaudiNet, TE Data), and facilitating and infrastructure service providers (Secured Servers LLC, iomart). 

First documented in 2015, Volatile Cedar (or Lebanese Cedar) has been known to infiltrate an enormous number of targets utilizing different assault procedures, including a custom-made malware implant codenamed Explosive. Lebanese Cedar has been recently associated with Lebanese roots — explicitly Hezbollah's cyber unit — regarding a cyber espionage campaign in 2015 that focused on military providers, telecom organizations, media outlets, and universities. 

The Lebanese Cedar hackers utilized open-source hacking tools to check the web for unpatched Atlassian and Oracle servers, at that point they utilized exploits to access the server and send a web shell to acquire traction in the target system. 

The assailants utilized basic 1-day vulnerabilities dependent on the vulnerable versions of the services in the undermined servers. Utilizing the three flaws in the servers (CVE-2019-3396, CVE-2019-11581, and CVE-2012-3152) as an attack vector to acquire underlying traction, the assailants at that point infused a web shell and a JSP file browser, the two of which were utilized to move laterally across the network, fetch additional malware, and download the Explosive RAT, which accompanies abilities to record keystrokes, capture screenshots, and executes arbitrary commands. 

ClearSky noticed that the group's utilization of web shell as its essential hacking tool might have been instrumental in driving researchers to a "dead-end in terms of attribution." "Lebanese Cedar has shifted its focus significantly. Initially, they attacked computers as an initial point of access, then progressed to the victim's network then further progressing to targeting vulnerable, public-facing web servers," the researchers said.