Search This Blog

Powered by Blogger.

Blog Archive

Labels

About Me

Showing posts with label Iranian cyber attack. Show all posts

Iranian Hackers Threaten More Trump Email Leaks Amid Rising U.S. Cyber Tensions

 

Iran-linked hackers have renewed threats against the U.S., claiming they plan to release more emails allegedly stolen from former President Donald Trump’s associates. The announcement follows earlier leaks during the 2024 presidential race, when a batch of messages was distributed to the media. 

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) responded by calling the incident “digital propaganda,” warning it was a calculated attempt to discredit public officials and mislead the public. CISA added that those responsible would be held accountable, describing the operation as part of a broader campaign by hostile foreign actors to sow division. 

Speaking virtually with Reuters, a hacker using the alias “Robert” claimed the group accessed roughly 100 GB of emails from individuals including Trump adviser Roger Stone, legal counsel Lindsey Halligan, White House chief of staff Susie Wiles, and Trump critic Stormy Daniels. Though the hackers hinted at selling the material, they provided no specifics or content. 

The initial leaks reportedly involved internal discussions, legal matters, and possible financial dealings involving RFK Jr.’s legal team. Some information was verified, but had little influence on the election, which Trump ultimately won. U.S. authorities later linked the operation to Iran’s Revolutionary Guard, though the hackers declined to confirm this. 

Soon after Trump ordered airstrikes on Iranian nuclear sites, Iranian-aligned hackers began launching cyberattacks. Truth Social, Trump’s platform, was briefly knocked offline by a distributed denial-of-service (DDoS) attack claimed by a group known as “313 Team.” Security experts confirmed the group’s ties to Iranian and pro-Palestinian cyber networks. 

The outage occurred shortly after Trump posted about the strikes. Users encountered error messages, and monitoring organizations warned that “313 Team” operates within a wider ecosystem of groups supporting anti-U.S. cyber activity. 

The Department of Homeland Security (DHS) issued a national alert on June 22, citing rising cyber threats linked to Iran-Israel tensions. The bulletin highlighted increased risks to U.S. infrastructure, especially from loosely affiliated hacktivists and state-backed cyber actors. DHS also warned that extremist rhetoric could trigger lone-wolf attacks inspired by Iran’s ideology. 

Federal agencies remain on high alert, with targeted sectors including defense, finance, and energy. Though large-scale service disruptions have not yet occurred, cybersecurity teams have documented attempted breaches. Two groups backing the Palestinian cause claimed responsibility for further attacks across more than a dozen U.S. sectors. 

At the same time, the U.S. faces internal challenges in cyber preparedness. The recent dismissal of Gen. Timothy Haugh, who led both the NSA and Cyber Command, has created leadership uncertainty. Budget cuts to election security programs have added to concerns. 

While a military ceasefire between Iran and Israel may be holding, experts warn the cyber conflict is far from over. Independent threat actors and ideological sympathizers could continue launching attacks. Analysts stress the need for sustained investment in cybersecurity infrastructure—both public and private—as digital warfare becomes a long-term concern.

Albanian President Holds Meeting with NSC Over Iran Cyber Attacks Led by HomeLand Justice

 

In the wake of the ongoing cyber attacks led by hackers group HomeLand Justice, the Albanian President Bajram Begaj recently held a meeting with the National Security Council (NSC) in the Albanian capital, Tirana on 10th October, Monday. The meeting, attended by senior government officials was conducted in order to discuss the issue of persistent cyberattacks, carried out against state infrastructure by Iran. 

The meeting was attended by Albanian Prime Minister Edi Rama, Prosecutor General Olsjan Çela, Director General of Police Muhamet Rrumbullaku, Chairman of the Security Commission Nasip Naço, and senior intelligence officials. 

The threat actors referred to as HomeLand Justice is a hacker group sponsored by the Iranian government’s advanced persistent threat (ATP) actors. The hackers attempted to paralyse public services, and delete and steal governmental data, disrupting the government’s websites and services, which created a nuisance in the state. 

Earlier this year, in July, HomeLand Justice took to social media, demonstrating the attack pattern of advertising the Albanian Government about the leaks, and posting polls asking the viewers to select the hacked information they want to be published.  

A similar attack was launched in September against the Albanian government, possibly instigated in retaliation for public attribution of the previous attacks, it severed diplomatic ties between the governments of Iran and Albania. 

Over the weekend, threat actors published the hacked data pertaining to employees of the State Police on the Telegram channel operated by Homeland Justice. The leaked data involved names, personal information and photographs, ID numbers, age, name, and photo. 

Although not much information has been provided about the meeting that lasted for two hours, Finance Minister Delina Ibrahimaj briefed about the meeting in an unrelated press conference. 

“In fact, it is the role of the president to call the national security committee on various issues. We discussed the current issues of cyber attacks. Each institution reported on the measures taken, on the level of impact and on the measures that will be taken in the future to cope with the situation”, stated Delina. 

The National Security Council was last addressed on 14th February 2022 by former president Ilir Meta in regard to Russia-Ukraine tensions.

US cyber attacks on Iranian targets not successful: Minister

U.S. cyber attacks against Iranian targets have not been successful, Iran's telecoms minister said on Monday, within days of reports that the Pentagon had launched a long-planned cyber attack to disable his country's rocket launch systems.

Tension runs high between longtime foes Iran and the United States after U.S. President Donald Trump on Friday said he called off a military strike to retaliate for the Middle East nation's downing of an unmanned U.S. drone.

U.S. President Donald Trump said on Saturday he would impose fresh sanctions on Iran but that he wanted to make a deal to bolster its flagging economy, an apparent move to defuse tensions following the shooting down of an unmanned U.S. drone this week.

On Thursday, however, the Pentagon launched a long-planned cyber attack, Yahoo News said, citing former intelligence officials. The cyber strike disabled Iranian rocket launch systems, the Washington Post said on Saturday.

"They try hard, but have not carried out a successful attack," Mohammad Javad Azari Jahromi, Iran's minister for information and communications technology, said on social network Twitter.

"Media asked if the claimed cyber attacks against Iran are true," he said. "Last year we neutralised 33 million attacks with the (national) firewall."

Azari Jahromi called attacks on Iranian computer networks "cyber-terrorism", referring to Stuxnet, the first publicly known example of a virus used to attack industrial machinery, which targeted Iran's nuclear facilities in November 2007.

Stuxnet, widely believed to have been developed by the United States and Israel, was discovered in 2010 after it was used to attack a uranium enrichment facility in the Iranian city of Natanz.

Washington accused Tehran of stepping up cyber attacks.

Officials have detected a rise in "malicious cyber activity" directed at the United States by people tied to the Iranian government, Chris Krebs, director of the Department of Homeland Security's cybersecurity agency, said on Saturday on Twitter.

#BatchWiper, a new data-wiping virus targets Iranian computers


Recently, The Iranian CERT reported that a new piece of malware targets Iranian computers that capable of wiping the files from the infected computers.

SophosLabs have analyzed the new sample and confirmed that the malware attempt to erase the contents of any files on D, E, F, G, H and I drives.

The malware is distributed as a self-extracting WinRAR archive called GrooveMonitor.exe that drops three executable files: juboot.exe, jucheck.exe and SLEEP.EXE.

The 'justboot.exe' is a DOS BAT file that has been converted to PE format that uses 'SLEEP.exe' to wait for few seconds before it adds a registry entry that ensures that 'jucheck.exe' is executed each time the computer restarted.

The primary function of the malware is wiping the files from hard drive, but it does so only within few specific date ranges, each about two days long.

After deleting the data , the malware runs chkdsk in order to trick the victim into believing that the files have been corrupted because of software or hardware failure.