
Spyware Disguised as Safety App Targets Israelis Amid Rising Cyber Espionage Activity


A fresh wave of digital spying has emerged, aiming at people within Israel through fake apps made to look like official warning tools. Instead of relying on obvious tricks, it uses the credibility of public alerts to encourage downloads of harmful programs. 

Cyber experts highlight how these disguised threats pretend to offer protection while actually stealing information. Trust in urgent notifications becomes the weak spot exploited here. What seems helpful might carry hidden risks beneath its surface. Noticed first by experts at Acronis, the operation involves fake texts mimicking alerts from Israel’s Home Front Command - an IDF division. 

Instead of genuine warnings, these messages push a counterfeit app update for civilian missile notifications. While the link seems official, it leads to malicious software disguised as a protection tool. Rather than safety, users face digital risks when installing the altered program. Following the prompt, people install spyware rather than a genuine program. The harmful software can harvest precise location data, text messages, stored credentials, contact lists, and private files stored on the device, experts say. The group behind it has been tracked by cyber intelligence circles for years. 

Thought to connect with Arid Viper, the operation fits patterns seen before. Targets often include Israeli military figures, alongside people in areas like Egypt and Palestine. Instead of complex tools, they lean on social engineering to spread malicious software. Their methods persist over time, adapting without drawing attention. What stands out is the level of preparation seen in the attackers, according to Acronis. Their operations show a clear aim, targeting systems people rely on when tensions rise between nations. 

Instead of random strikes, these actions follow a pattern meant to blend in. Official-looking messages appear during crises, shaped like real alerts. Because they resemble legitimate warnings, users are more likely to respond without suspicion. Infrastructure once seen as safe now becomes a vector - simply because it's trusted at critical moments. 

A fresh report from Check Point Software Technologies reveals cyberattacks targeting surveillance cameras in Israel and neighboring areas of the Middle East. These intrusions point toward coordinated moves to collect data while possibly preparing to interfere with essential infrastructure. Cyber operations have emerged alongside rising friction after documented strikes by U.S. and Israeli forces on locations inside Iran. 

In response, several groups aligned with Tehran have stated they carried out digital intrusions aimed at both official Israeli bodies and corporate networks. Even so, specialists observe that such assaults still lack major influence on the overall struggle. Yet, as nations lean more heavily on hacking methods, it becomes clear that cyber tactics now weave tightly into global power contests. When links arrive unexpectedly, skipping the download is wise: the origin of a message matters more than how trustworthy it looks. 

Official storefronts serve as safer gateways compared to random web prompts. Messages mimicking familiar brands often hide traps beneath clean designs. Jumping straight to installation bypasses crucial checks best left intact. Verified platforms filter out many hostile imitations by design. Risk shrinks when access follows established paths instead of sudden urges. 

When emergencies strike, cyber threats tend to rise - manipulating panic instead of logic. Pressure clouds judgment, creating openings for widespread breaches. Urgency becomes a tool, not a shield, in these moments. Digital attacks grow sharper when emotions run high. Crises rarely pause harm; they invite it.

Cyberattacks Reported Across Iran Following Joint US-Israeli Strike on Strategic Targets


A fresh bout of online actions emerged overnight Friday into Saturday, running parallel to air assaults carried out jointly by U.S. and Israeli forces against sites inside Iran, security researchers noted. The timing suggests the virtual maneuvers were linked to real-world strikes - possibly aiming to scramble communication lines, shape information flow, or hinder organized reactions on the ground. 

Appearing online, altered pages of Iranian media sites showed protest slogans instead of regular articles. Though small in number, these digital intrusions managed to reach large audiences through popular platforms. A shift occurred when hackers targeted BadeSaba - an app relied on by millions for daily religious guidance. Messages within the app suggested military personnel step back and align with civilian demonstrators. Not limited to websites, the interference extended into mobile tools trusted by ordinary users. 

Despite its routine function, the calendar software became a channel for dissenting statements. More than just data theft, the breach turned everyday technology into a medium for political appeal. One security researcher believes the app was chosen deliberately, since many government supporters use it to look up religious information. According to Hamid Kashifi, founder of the tech firm DarkCell, that audience made the platform a useful path for hackers aiming to push content within national borders. 

Meanwhile, connections online in Iran began falling fast. According to Doug Madory - who leads internet research at Kentik - access weakened notably when the strikes occurred, with just faint digital signals remaining in certain areas. Some reports noted cyber actions focused on various Iranian state functions, administrative bodies, along with possible facilities tied to defense. 

As referenced by the Jerusalem Post, these incidents might have sought to weaken Iran’s capacity for unified decision-making amid heightened tensions. Possibly just the start, this online behavior could signal deeper conflicts ahead. With hostilities growing, factions linked to Iran might strike back through digital means, according to Rafe Pilling, who leads threat analysis work at Sophos. Targets may include U.S. or Israeli defense systems, businesses, even everyday infrastructure. 

Such moves would come amid rising geopolitical strain. What researchers have seen lately involves reviving past data leaks, while also trying simpler ways to target online industrial controls. Early moves like these could serve as probes - checking weak spots or collecting details ahead of bigger actions, according to experts. Now working at the cybersecurity firm Halcyon, Cynthia Kaiser - once a top cyber official at the Federal Bureau of Investigation - observed a clear rise in digital operations throughout the Middle East. Calls urging more aggressive moves have already emerged from online actors aligned with Iran, she pointed out. 

Meanwhile, Adam Meyers, senior vice president of counter-adversary operations at CrowdStrike, said the firm is already observing reconnaissance efforts and distributed denial-of-service attacks linked to Iranian-aligned groups. Though tensions rise, some experts point to how warfare now blends physical strikes with online attacks - raising fears of broader digital clashes. 

Iran, noted by American authorities before, appears in the same category as China and Russia when discussing state-backed hacking aimed at international systems. With hostilities evolving, unseen pathways into infrastructure take on greater risk, especially given past patterns of intrusion tied to geopolitical friction.

Israel and Iran Cyber War Escalates After June Conflict Despite Ceasefire


The long-running cyber conflict between Israel and Iran has intensified following the June war, according to a recent report by the Financial Times. Israeli officials disclosed that they began receiving suspicious text messages containing malicious links soon after the 12-day conflict. One official, speaking anonymously, confirmed that the attacks have not stopped, emphasizing that the cyber hostilities remain active despite a temporary ceasefire on the battlefield. 

Recent incidents highlight the scale of the digital confrontation. Iranian hackers have been linked to phishing campaigns targeting Israeli diplomats and government officials, while also attempting to exploit vulnerabilities in Microsoft software to infiltrate Israeli networks. 

In parallel, Israel and groups aligned with its interests have launched disruptive cyberattacks on Iran, underscoring how digital warfare has become a central element in the shadow war between the two nations. During the June conflict, Iran’s Ministry of Communications reported facing what it described as its most extensive cyberattack campaign to date, with more than 20,000 incidents in just 12 days. 

One attack temporarily disabled Iran’s air defense systems as Israeli Air Force jets launched strikes on Tehran on June 13. Israeli cybersecurity experts later described the air defense breach as a tactical move designed to give Israel an initial advantage, while stressing that intelligence gathering on Iranian military figures and nuclear scientists was the most significant outcome. 

On the other side, an Israeli-aligned hacking group known as Gonjeshke Darande claimed responsibility for siphoning around $90 million from the Iranian cryptocurrency exchange Nobitex, transferring the funds into a wallet that could not be accessed. Nobitex rejected accusations that it operated as a regime tool, though the same group also targeted two major Iranian banks, including state-owned Bank Sepah. 

These attacks reportedly crippled banking systems by disabling not only primary data but also backup and disaster recovery servers, according to Dotin, the software provider for the affected banks. Meanwhile, Iranian-backed hackers conducted cyber operations against 50 Israeli companies, including firms in logistics, human resources, and defense-related sectors.

Leaked resumes of thousands of Israeli citizens linked to defense work were published online. Attackers also attempted to manipulate Israelis by sending fake messages that appeared to come from the Home Front Command, advising civilians to avoid bomb shelters during missile strikes. Other attempts focused on breaching security camera systems to track the locations of incoming rockets. 

Despite these efforts, Israeli cybersecurity officials argue that the cyberattacks on their country have caused minimal disruption. Iran, however, appears to have suffered more significant setbacks. Senior Iranian officials acknowledged weaknesses in their systems, citing the country’s centralized data structures as a vulnerability exploited by Israeli forces. 

The scale of the damage prompted calls within Iran for urgent measures to strengthen its cyber defense capabilities. Experts believe the cyber war will continue to escalate, as it allows both sides to strike at one another without triggering immediate international backlash. Analysts note that while conventional attacks risk provoking strong responses from global powers, operations in cyberspace often proceed unchecked. 

For Israel and Iran, the digital battlefield has become a critical front in their decades-long struggle, one that persists even when guns fall silent.

Iranian Hacker Group Void Manticore Linked to Destructive Cyber Attacks on Israel and Albania


A recent report from Check Point Research (CPR) has unveiled the activities of an Iranian hacker group known as Void Manticore, which has been linked to a series of destructive cyber attacks on Israel and Albania. Affiliated with Iran’s Ministry of Intelligence and Security (MOIS), Void Manticore operates alongside another Iranian threat actor, Scarred Manticore, to carry out these attacks. 

The group employs various online personas, such as "Karma" for attacks in Israel and "Homeland Justice" for those in Albania. Their tactics involve gaining initial access to target networks using publicly available tools and deploying custom wipers to render data inaccessible on both Windows and Linux systems. CPR’s analysis details a systematic collaboration between Void Manticore and Scarred Manticore. Initially, Scarred Manticore gains access and exfiltrates data from targeted networks. 

Control is then transferred to Void Manticore, which executes the destructive phase of the operation. This strategic partnership amplifies the scale and impact of their cyber attacks. The report underscores the similarities in the attacks on Israel and Albania, including the exploitation of specific vulnerabilities for initial access, the use of similar tools, and the coordinated efforts between the two groups. These overlaps suggest a well-established routine for the Iranian hacker groups. 

Void Manticore's toolkit includes several custom wipers, such as the CI Wiper, Partition Wipers like LowEraser, and the recently deployed BiBi Wiper, named after Israeli Prime Minister Benjamin Netanyahu. These wipers specifically target files and partition tables, using advanced techniques to corrupt files and disrupt system functionality. 

The revelation of Void Manticore's activities and its collaboration with Scarred Manticore underscores the growing sophistication and coordination of state-affiliated cyber threat actors. The combined use of psychological tactics and destructive malware represents a significant escalation in cyber warfare, posing substantial risks to national security and critical infrastructure. 

As these cyber threats continue to evolve, it is imperative for nations and organizations to strengthen their cybersecurity defenses and enhance their capabilities to detect, mitigate, and respond to such sophisticated attacks. The report from CPR serves as a crucial reminder of the persistent and evolving nature of cyber threats posed by state-affiliated actors like Void Manticore and Scarred Manticore.

LockBit 2.0 Ransomware Hit Israeli Defense Firm E.M.I.T. Aviation Consulting


LockBit 2.0 ransomware operators have reportedly hit the Israeli aerospace and defense firm E.M.I.T. Aviation Consulting Ltd in a new campaign of attacks. The hackers claim to have accessed the company's internal systems and to have stolen credential data. 

Following the attack, the group is threatening to publish the stolen data, which reportedly includes sensitive information, invoices, employee records, and possibly payment data, on its dark web leak site if the company does not pay the ransom. Although the attackers have yet to leak any of the stolen data as proof of the attack, the countdown on their site ends on 07 October 2021. 

Currently, it has not been disclosed how the attackers gained access to the company's systems or when the incident took place. Like other ransomware operations, LockBit 2.0 runs a ransomware-as-a-service model and maintains a network of affiliates. 

According to the technical data, the LockBit ransomware operation has been active since September 2019; in June the group announced the LockBit 2.0 RaaS. After ransomware advertisements were banned on hacking forums, the LockBit operators set up their own leak site, where they promote the new model and advertise the LockBit 2.0 affiliate program. 

At present, the LockBit gang is highly active, targeting numerous organizations including Riviana, Anasia Group, Wormington & Bollinger, Vlastuin Group, DATA SPEED SRL, SCIS Air Security, Peabody Properties, Island Independent Buying Group, Buffington Law Firm, Day Lewis, and many others worldwide. 

A few months earlier, the Australian Cyber Security Centre (ACSC) had warned Australian organizations about LockBit 2.0 ransomware attacks. E.M.I.T. Aviation Consulting Ltd was established in 1986; the company designs and assembles complete aircraft, tactical and sub-tactical UAV systems, and mobile integrated reconnaissance systems.