TechBizWebTechBizWeb

    Subscribe to Updates

    Get the latest news about Technology and Business from all around the web..

    What's Hot

    Missile strikes rekindle fear among Kyivans as Moscow renews attacks

    July 2, 2022

    FTX agrees deal with option to buy BlockFi for up to $240mn

    July 2, 2022

    The end of the frictionless life

    July 2, 2022
    Facebook Twitter Instagram
    • About Us
    • Privacy Policy
    • Guest Post
    • Terms
    • Contact
    Facebook Twitter Instagram
    TechBizWebTechBizWeb
    Subscribe
    • Home
    • Technology

      Twitch is testing channel surfing

      July 2, 2022

      You can now play the “all your base are belong to us” game on your Switch

      July 2, 2022

      There’s a better way to bypass Windows 11 install restrictions

      July 2, 2022

      What is the best controller for Xbox consoles?

      July 1, 2022

      The GPU shortage is over

      July 1, 2022
    • Business
    • Cyber Security

      Tips to bolster cybersecurity, incident response this 4th of July weekend

      July 1, 2022

      Jon Raper named CISO at Costco

      July 1, 2022

      2022 RSAC takeaways: Risk management vs compliance

      July 1, 2022

      3 security lessons we haven’t learned from the Kaseya breach

      July 1, 2022

      Auston Davis named CISO at Versant Health

      June 30, 2022
    • Blockchain
    • Vulnerabilities
    • Social Engineering
    • Malware
    • Cyber Security Alerts
    TechBizWebTechBizWeb
    Home»Cyber Security»Iran-Linked Hackers Use Array of Tools to Steal Data: FireEye
    Cyber Security

    Iran-Linked Hackers Use Array of Tools to Steal Data: FireEye

    January 29, 2019Updated:January 29, 2019No Comments3 Mins Read
    Facebook Twitter Pinterest LinkedIn Tumblr WhatsApp
    Share
    Facebook Twitter LinkedIn Pinterest Email


    An Iran-linked cyber-espionage group responsible for widespread theft of data is using a broad range of custom and off-the-shelf tools, FireEye security researchers say. 

    Referred to as APT39, the group has been tracked since November 2014 and its activities largely align with the Chafer group, as well as with the OilRig cyberspies. Unlike other groups operating out of Iran, however, APT39 hasn’t been linked to influence operations, disruptive attacks, and other threats.

    APT39 mainly targets the telecommunications and travel industries, likely aiming “to perform monitoring, tracking, or surveillance operations against specific individuals, collect proprietary or customer data for commercial or operational purposes that serve strategic requirements related to national priorities, or create additional accesses and vectors to facilitate future campaigns.”

    The group has been created to bring together previous activities and methods used by the actor, FireEye notes in a report shared with SecurityWeek. 

    The hackers primarily use the SEAWEED and CACHEMONEY backdoors and a specific variant of the POWBAT backdoor, while concentrating activities in the Middle East, despite global targeting scope (U.S. and South Korea). 

    The actor has been also targeting high-tech industry and government entities. This suggests the group is also attempting to collect geopolitical data, but its key mission most likely remains the tracking or monitoring of targets of interest. 

    “We have moderate confidence APT39 operations are conducted in support of Iranian national interests based on regional targeting patterns focused in the Middle East, infrastructure, timing, and similarities to APT34, a group that loosely aligns with activity publicly reported as ‘OilRig’,” FireEye says. 

    Despite employing similar malware distribution methods, infrastructure nomenclature, targeting overlaps, and the POWBAT backdoor, APT39 appears different from APT34 due to the use of a different variant of the backdoor. However, the researchers note that the two groups could be working together or sharing resources at some level.

    For initial compromise, the group uses spear-phishing emails carrying malicious attachments or URLs that usually lead to a POWBAT infection. The group targets vulnerable web servers of organizations to install web shells such as ANTAK and ASPXSPY and steal credentials for further compromise. 

    Post-infection, customer backdoors such as SEAWEED, CACHEMONEY, and a unique variant of POWBAT are used to establish a foothold in a target environment. Tools such as Mimikatz and Ncrack are also being used, along with legitimate tools such as Windows Credential Editor and ProcDump and the port scanner BLUETORCH.

    For lateral movement, the group employs tools such as Remote Desktop Protocol (RDP), Secure Shell (SSH), PsExec, RemCom, and xCmdSvc. It was also observed using custom tools as REDTRIP, PINKTRIP, and BLUETRIP to create SOCKS5 proxies between infected hosts. Stolen data is usually compressed using WinRAR or 7-Zip.

    “APT39’s targeting not only represents a threat to known targeted industries, but it extends to these organizations’ clientele, which includes a wide variety of sectors and individuals on a global scale. APT39’s activity showcases Iran’s potential global operational reach and how it uses cyber operations as a low-cost and effective tool to facilitate the collection of key data on perceived national security threats and gain advantages against regional and global rivals,” FireEye concludes. 

    Related: Israel Blocks Iran Cyber-attacks ‘Daily’

    Related: Iran-Linked DNS Hijacking Attacks Target Organizations Worldwide

    Ionut Arghire is an international correspondent for SecurityWeek.

    Previous Columns by Ionut Arghire:
    Tags:



    Source link

    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

    Related Posts

    Tips to bolster cybersecurity, incident response this 4th of July weekend

    July 1, 2022 Cyber Security

    Jon Raper named CISO at Costco

    July 1, 2022 Cyber Security

    2022 RSAC takeaways: Risk management vs compliance

    July 1, 2022 Cyber Security

    3 security lessons we haven’t learned from the Kaseya breach

    July 1, 2022 Cyber Security

    Auston Davis named CISO at Versant Health

    June 30, 2022 Cyber Security

    Lessons learned from slew of recent data breaches

    June 30, 2022 Cyber Security
    Editors Picks

    FTX agrees deal with option to buy BlockFi for up to $240mn

    July 2, 2022

    The end of the frictionless life

    July 2, 2022

    Twitch is testing channel surfing

    July 2, 2022

    You don’t need a crowd for a communal moment

    July 2, 2022
    Trending Now

    Klarna valuation crashes to $6.5bn from $46bn

    By techbizweb

    The GPU shortage is over

    By techbizweb

    Google closes data loophole amid privacy fears over abortion ruling

    By techbizweb

    https://www.nationalsportsacademy.com

    slot gacor hari ini

    http://www.inadesfo.org/

    http://www.eueomgbissau.org/

    http://www.congo-mai-mai.net/

    http://www.angelesdelafrontera.org/

    http://fifaworldcup2018schedule.com/

    http://tony4gtrmcr.co.uk/

    http://www.standrewsagreement.org/

    http://www.bob-russell.co.uk/

    http://davidmulholland.co.uk/

    http://railwayhotelenniskillen.com/

    http://www.fantasysportstrades.com/

    http://www.rainleaf-flooring.com

    http://mothersagainstguns.org/

    http://ma-coc.org/

    slot online

    http://www.paradoxmag.com/situs-judi-slot-online-gampang-menang-2021/

    http://www.paradoxmag.com/situs-judi-slot-online-terbaru-2021/

    http://slot-terbaru.net/

    Slot Gacor

    Slot Online

    Situs Slot Gacor

    http://www.appdexterity.com/

    https://cars4kids-deutschland.de/

    https://www.stretchingculture.com/

    https://www.b-123-hp.com/slot-gacor/

    https://denzstaffing.nl/

    https://ezbbqcooking.com/slot-gacor/

    https://www.mbahelp24.com/slot-gacor

    https://minhtanstore.com/slot-jackpot-terbesar/

    https://njbpusupplierdiversity.com/slot-gacor-gampang-menang/

    https://www.floridaspecialtycropfoundation.org/slot-gampang-menang/

    https://childrenscornerpreschool.org/slot-gacor-gampang-menang/

    https://cryptoquoter.com/slot-online-terbaik/

    https://alorkantho24.com/slot-gacor/

    https://ellas.xyz/slot-gacor/

    https://it.dougamatome.xyz/slot-online/

    https://www.daltercume.com/slot-gacor/

    https://josi-ana.dougamatome.xyz/slot88/

    https://josi-ana.dougamatome.xyz/slot-gacor/

    https://fastobserver.com/slot-jackpot-terbesar/

    https://www.planetexperts.com/slot-gacor/

    https://bfsolution.group/slot-bet-kecil/

    https://rustleva.co/slot/

    https://bfsolution.group/slot-bet-kecil/

    https://www.hotelcalimareal.com/togel-online/

    https://anime-game.dougamatome.xyz/slot-gacor-gampang-menang/

    https://anime-game.dougamatome.xyz/togel-online/

    https://bourbonbarrelfoods.com/slot/

    http://suneo39.wp.xdomain.jp/slot/

    https://techbizweb.com/slot-gacor/

    https://www.generalcatalyst.com/18-daftar-slot-gacor-terbaik-gampang-menang-jackpot-hari-ini/

    https://www.hotelcalimareal.com/slot-online/

    https://www.blockgates.io/slot-gacor/

    https://l12.com.br/slot-gacor/

    slot paling gacor

    https://www.donalds-hobby.com/slot-online/

    https://thecryptodirt.com/slot-gacor-hari-ini/

    http://iseta.edu.ar/aulavirtual/app/upload/users/1/1205/my_files/sbobet.html

    http://escuelavirtual.mincit.gov.co/app/upload/users/1/194/my_files/slot.html

    https://www.dev.medecinesfax.org/courses/JUDICASINO/document/slot.html

    http://www.e-archivos.org/cursos/courses/JUDICASINO/document/slot-gacor.html

    http://iesma.com.br/ead/main/upload/users/4/447/my_files/slot.html

    https://www.fundacoop.org/chamilo/app/upload/users/1/1185/my_files/slot.html

    https://fata-aatf.org/eskola/main/upload/users/3/31/my_files/slot.html

    https://uancv.edu.pe/ofinvestigacion/app/upload/users/3/328/my_files/slot-terlengkap.html

    https://micost.edu.my/EL/app/upload/users/2/209/my_files/slot-gacor.html

    https://www.academiacoderdojo.ro/elearningdev/app/upload/users/2/2442/my_files/slot-online.html

    http://campus-cidci.ulg.ac.be/courses/JUDICASINO/document/slot-termurah.html

    https://www.escueladerobotica.misiones.gob.ar/aula-ste/courses/LIVECASINO/document/slot-tergacor.html

    http://ccdipeepccqqfar.usac.edu.gt/chamilo/app/upload/users/3/358/my_files/slot-online.html

    https://cunori.edu.gt/campus/app/upload/users/7/7334/my_files/slot-online.html

    http://u-rus.com.ar/aula/app/upload/users/1/1322/my_files/slot.html

    http://icrodarisoveria.edu.it/chamilo/app/upload/users/1/1855/my_files/slot.html

    https://iestpliliagutierrez.edu.pe/clarolgm/courses/CASINO/document/slot.html

    http://pva.cobach.edu.mx/app/upload/users/7/7379/my_files/slot.html

    http://www.imb-pc-online.edu.gt/PL/app/upload/users/3/373/my_files/slot.html

    http://avcs.upeu.edu.pe/main/upload/users/3333/my_files/slot.html

    https://chamilo.fca.uas.edu.mx/app/upload/users/1/11186/my_files/slot-online/

    TechBizWeb
    Facebook Twitter Instagram Pinterest Vimeo YouTube
    • Home
    • Guest Post
    • About Us
    • Privacy Policy
    • Our Authors
    • Terms and Conditions
    • Contact
    © 2022 Tech Biz Web. Developed by Sawah Dev.

    Type above and press Enter to search. Press Esc to cancel.