Breaking News

Iranian hackers compromised former IDF chief’s computer

According to Israel’s Channel 10 Iranian hackers succeeded in gaining access last year to the computer database of a retired Israeli army chief of staff.

Many reports published by security firms warn of the increasing threat represented by Iranian hackers. US and Israeli organizations represent a privileged target for these hackers, last year they used stolen private pictures of IDF’s women soldiers to breach Israeli military server.

According to a report published by the Israel’s Channel 10, hundreds of Israel’s current and former top security officials have been targeted by Iranian hackers.

The report reveals that Iranian hackers compromised computers of 1800 key figures worldwide, most of them from Israel including a former Israeli Army chief-of-staff.

The report speculated the involvement of the hackers belonging to the Iran’s Revolutionary Guards. Experts at the Israeli security firm Check Point Software Technologies promptly identified and blocked the attacks.

The  Israeli experts also identified one of the Iranian hackers, Yasser Balachi, that accidentally displayed his email ID. Check Point’s head of security services Ron Davidson, confirmed that the man is a member of an organized group.

“Balachi said that he had not operated on his own initiative but for another cyber organization that commissioned the work,” said Ron Davidson.

Yet it is unclear even now what was the actual extent of the damage and what kind of information did they steal.

It is not clear which is the impact of the attack and which information was exposed.

Iranian hackers are becoming even more aggressive, in November computers at the US State Department and other government employees were targeted by them. The experts linked the attackers with the Iranian Revolutionary Guard, according to investigators the Facebook and e-mail accounts of US State Department officials focused on Iran were compromised to gather data about US-Iranian dual citizens in Iran and about the arrest of an Iranian-American businessman in Tehran in October.

The hackers have taken over social media accounts of junior State Department staff to launch a spear phishing campaign on the employees working in the State Department’s Office of Iranian Affairs and Bureau of Near Eastern Affairs and in the computers of some journalists.

Check Point experts confirmed that the Iranian hackers launched spear phishing attacks against their targets with the intent to infect them with spyware.

In December, a report published by Symantec revealed that Iranian hackers have been using malware to track individuals, including Iranian activists and dissidents.

The researchers identified two groups of Iran-based hackers, dubbed Cadelle and Chafer, which were distributing data stealer malware since at least mid-2014. The experts uncovered the command-and-control servers explaining that registration details indicate the Iranian hackers may have been operating since 2011.

There are a number of indicators that suggest both groups are based in Iran, the Cadelle and Chafer teams are most active during the day time within Iran’s time zone and primarily operate during Iran’s business week (Saturday through Thursday).

In June, experts at Clear Sky spotted a number of cyber-attacks launched from the Iran and targeting Israeli organizations and other entities in the Middle East.

Security experts at ClearSky uncovered a cyber espionage campaign dubbed Thamar Reservoir due to the name of its target Thamar E. Gindin. The investigation led the experts to date the Thamar Reservoir campaign back to 2011, threat actors adopted several attack techniques finalized to the espionage.

The majority of the victims of the Thamar Reservoir campaign was located in the Middle East (550) and belong to Middle East and Iranian diplomacy entities, defense and security industries, journalists and human rights organizations.

Who is behind the Thamar Reservoir campaign?

According to the researchers at ClearSky, the evidence collected suggest the involvement of Iranian hackers. The experts noticed several similarities with other attacks in the same geographic area such as:

  • Attacks conducted using the Gholee malware, which we discovered.
  • Attacks reported by Trend Micro in Operation Woolen-Goldfish.
  • Attacks conducted by the Ajax Security Team as documented by FireEye.
  • Attacks seen during Newscaster as documented by iSight.

No doubts, Iranian hackers will continue to launch cyber espionage campaigns likely with most advanced malware.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs –  cyber espionage, Iranian hackers)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Google's Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively…

5 hours ago

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during…

17 hours ago

INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland

The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening…

21 hours ago

CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint vulnerability disclosed at the…

1 day ago

The DDR Advantage: Real-Time Data Defense

This is the advantage of Data Detection and Response (DDR) for organizations aiming to build…

1 day ago

Finnish police linked APT31 to the 2021 parliament attack

The Finnish Police attributed the attack against the parliament that occurred in March 2021 to…

1 day ago

This website uses cookies.