Iran

Pierluigi Paganini June 03, 2022
Microsoft blocked Polonium attacks against Israeli organizations

Microsoft blocked an attack activity aimed at Israeli organizations attributed to a previously unknown Lebanon-based hacking group tracked as POLONIUM. Microsoft announced to have blocked a series of attacks targeting Israeli organizations that have been conducted by a previously unknown Lebanon-based hacking group tracked as POLONIUM. POLONIUM has targeted or compromised more than 20 Israeli […]

Pierluigi Paganini April 26, 2022
Iran-linked APT Rocket Kitten exploited VMware bug in recent attacks

The Iran-linked APT group Rocket Kitten has been observed exploiting a recently patched CVE-2022-22954 VMware flaw. Iran-linked Rocket Kitten APT group has been observed exploiting a recently patched CVE-2022-22954 VMware Workspace ONE Access flaw to deploy ‘Core Impact’ Backdoor. The CVE-2022-22954 vulnerability is a server-side template injection remote code execution issue, it was rated 9.8 […]

Pierluigi Paganini April 25, 2022
Iran announced to have foiled massive cyberattacks on public services

State television announced that Iran has foiled massive cyberattacks that targeted public services operated by both government and private organizations. According to the Iran state television, the attack attempts took place in recent days and aimed at the infrastructure of more than 100 public sector agencies. The report did not name entities that were targeted […]

Pierluigi Paganini March 14, 2022
A massive DDoS attack hit Israel, government sites went offline

Many Israel government websites were offline after a cyberattack, defense sources claim that this is the largest-ever attack that hit the country. Israeli media reported that a massive DDoS attack has taken down many Israel government websites. The Jerusalem Post attributed the attack to an allegedly Iran-linked threat actor that claimed responsibility for the attack. Multiple […]

Pierluigi Paganini February 25, 2022
US and UK details a new Python backdoor used by MuddyWater APT group

US and UK cybersecurity agencies provided details of a new malware used by Iran-linked MuddyWater APT. CISA, the FBI, the US Cyber Command’s Cyber National Mission Force (CNMF), UK’s National Cyber Security Centre (NCSC-UK), and the NSA, and law enforcement agencies have published a joint advisory on new malware used by Iran-linked MuddyWater APT group […]

Pierluigi Paganini February 23, 2022
Iranian Broadcaster IRIB hit by wiper malware

Iranian national media corporation, Islamic Republic of Iran Broadcasting (IRIB), was hit by a wiper malware in late January 2022. An investigation into the attack that hit the Islamic Republic of Iran Broadcasting (IRIB) in late January, revealed the involvement of a disruptive wiper malware along with other custom-made backdoors, and scripts and configuration files […]

Pierluigi Paganini January 03, 2022
Israeli Media Outlets hacked on the anniversary of Soleimani killing

Threat actors hacked the website of Jerusalem Post and the Twitter account of Maariv outlet on Soleimani killing anniversary. Threat actors have taken over the website of the English-language Jerusalem Post and the Twitter account of Maariv daily newspaper publishing a picture of a fist firing a shell out of a ring with a red stone on a finger toward an […]

Pierluigi Paganini December 15, 2021
Iran-linked Seedworm APT targets Telecoms organizations across the Middle East and Asia

Researchers uncovered a new Seedworm campaign targeting telecommunication and IT service providers in the Middle East and Asia. Iran-linked APT group Seedworm (aka MERCURY, MuddyWater, TEMP.Zagros, or Static Kitten) is behind a new cyberespionage campaign targeting telecommunication and IT service providers in the Middle East and Asia, Symantec warns. The Seedworm has been active since at least […]

Pierluigi Paganini November 22, 2021
Iran’s Mahan Air claims it has failed a cyber attack, hackers say the opposite

Iranian airline Mahan Air was hit by a cyberattack on Sunday morning, the “Hooshyarane Vatan” hacker group claimed responsibility for the attack. Iranian private airline Mahan Air has foiled a cyber attack over the weekend, Iranian state media reported. The airliner’s flight schedule was not affected by the cyberattack. “Our international and domestic flights are […]

Pierluigi Paganini October 27, 2021
Operations at Iranian gas stations were disrupted today. Cyber attack or computer glitch?

A cyberattack has disrupted gas stations from the National Iranian Oil Products Distribution Company (NIOPDC) across Iran. A cyber attack has disrupted gas stations from the state-owned National Iranian Oil Products Distribution Company (NIOPDC) across Iran. The attack also defaced the screens at the gas pumps and gas price billboards. In multiple cities, the billboards […]