#Cybersecurity#vulnerability#malware#security#software
  • Home
  • Iranian MOIS-Linked Hackers Behind Destructive Attacks on Albania and Israel

Iranian MOIS-Linked Hackers Behind Destructive Attacks on Albania and Israel

Author : ArmCoding
21-05-2024
Share
Iranian MOIS-Linked Hackers Behind Destructive Attacks on Albania and Israel

An Iranian threat actor affiliated with the Ministry of Intelligence and Security (MOIS) has been attributed as behind destructive wiping attacks targeting Albania and Israel under the personas Homeland Justice and Karma, respectively.

Cybersecurity firm Check Point is tracking the activity under the moniker Void Manticore, which is also known as Storm-0842 (formerly DEV-0842) by Microsoft.

The threat actor is known for its disruptive cyber attacks against Albania since July 2022 under the name Homeland Justice that involve the use of bespoke wiper malware called Cl Wiper and No-Justice (aka LowEraser).

Initial access in some cases is accomplished by the exploitation of known security flaws in internet-facing applications (e.g., CVE-2019-0604), according to an advisory released by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) in September 2022.

A successful foothold is followed by the deployment of web shells, including a homebrewed one called Karma Shell that masquerades as an error page but is capable of enumerating directories, creating processes, uploading files, and starting/stopping/listing services.

Void Manticore is suspected of using access previously obtained by Scarred Manticore (aka Storm-0861) to carry out its own intrusions, underscoring a “handoff” procedure between the two threat actors.

This high degree of cooperation was previously also highlighted by Microsoft in its own investigation into attacks targeting Albanian governments in 2022, noting that multiple Iranian actors participated in it and that they were responsible for distinct phases –

  • Storm-0861 gained initial access and exfiltrated data
  • Storm-0842 deployed the ransomware and wiper malware
  • Storm-0166 exfiltrated data
  • Storm-0133 probed victim infrastructure

It’s also worth pointing out that Storm-0861 is assessed to be a subordinate element within APT34 (aka Cobalt Gypsy, Hazel Sandstorm, Helix Kitten, and OilRig), an Iranian nation-state group known for the Shamoon and ZeroCleare wiper malware.

“The overlaps in techniques employed in attacks against Israel and Albania, including the coordination between the two different actors, suggest this process has become routine,” Check Point said.

 

Source: https://thehackernews.com/

#Crime#CVE#Cybersecurity#Hacker#malware#Network#software#vulnerability
CISA Alerts Federal Agencies to Patch Actively Exploited Linux Kernel Flaw
CISA Alerts Federal Agencies to Patch Actively Exploited Linux Kernel Flaw
  • 31-05-2024
Researchers Uncover Active Exploitation of WordPress Plugin Vulnerabilities
Researchers Uncover Active Exploitation of WordPress Plugin Vulnerabilities
  • 31-05-2024
BreachForums Returns Just Weeks After FBI Seizure – Honeypot or Blunder?
BreachForums Returns Just Weeks After FBI Seizure – Honeypot or Blunder?
  • 30-05-2024
Okta Warns of Credential Stuffing Attacks Targeting Customer Identity Cloud
Okta Warns of Credential Stuffing Attacks Targeting Customer Identity Cloud
  • 30-05-2024
WordPress Plugin Exploited to Steal Credit Card Data from E-commerce Sites
WordPress Plugin Exploited to Steal Credit Card Data from E-commerce Sites
  • 29-05-2024
TP-Link Gaming Router Vulnerability Exposes Users to Remote Code Attacks
TP-Link Gaming Router Vulnerability Exposes Users to Remote Code Attacks
  • 29-05-2024
4th Zero-Day Exploit Discovered in May 2024
4th Zero-Day Exploit Discovered in May 2024
  • 27-05-2024
Beware: These Fake Antivirus Sites Spreading Android and Windows Malware
Beware: These Fake Antivirus Sites Spreading Android and Windows Malware
  • 27-05-2024
CISA Warns of Actively Exploited Apache Flink Security Vulnerability
CISA Warns of Actively Exploited Apache Flink Security Vulnerability
  • 24-05-2024