    Iranian hacking group targets Israel with improved phishing attacks

    April 30, 2023 (updated April 30, 2023)

    Iranian state-sponsored threat actor Educated Manticore has been observed deploying an updated version of PowerLess, a Windows backdoor, in phishing attacks targeting Israel, according to a new report by Check Point.

    Researchers have also linked Educated Manticore to the Phosphorus APT group, which operates in the Middle East and North America.

    “The research presents a new and improved infection chain leading to the deployment of a new version of PowerLess. This implant was attributed to Phosphorus in the past,” Check Point said in its research.

    Phosphorus has been active since at least 2017. It has been linked to a series of campaigns in recent years, especially those in which APT members posed as journalists and scholars to trick targets into installing malware and to steal classified information.

    While the PowerLess payload was similar to that deployed by Phosphorus, researchers said the toolsets used to load it have been improved.

    Educated Manticore uses .NET executables

    In its latest attacks, Educated Manticore was seen using .NET executables built as mixed-mode assemblies, a rarely seen technique.

    “The actor has significantly improved its toolset, utilizing rarely seen techniques, most prominently using .Net executables constructed as Mixed Mode Assembly – a mixture of .Net and native C++ code. It improves tools’ functionality and makes the analysis of the tools to be more difficult,” Check Point said in its report.

    The hacking group has also started using ISO images. The ISO images used by the threat actor are in English, Arabic, and Hebrew, with academic content about Iraq. Researchers said this suggests “the targets might have been academic researchers.”
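
    A defender-side triage check for the mixed-mode property described above, as an added example that is not taken from Check Point's report or the original article: it reads the CLR header of a PE file and reports whether the IL-only flag is clear, which is what separates a mixed-mode assembly from an ordinary .NET build. The `build_sample` helper constructs a minimal test image inline; legitimate C++/CLI software is mixed-mode too, so the result is a prioritization signal rather than a verdict.

```python
import struct

COMIMAGE_FLAGS_ILONLY = 0x1  # set on pure-IL builds, clear on mixed-mode ones
CLR_DIR_INDEX = 14           # IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

def clr_kind(pe: bytes) -> str:
    """Classify a PE image as 'native', 'il-only' or 'mixed-mode'."""
    if pe[:2] != b"MZ":
        raise ValueError("not a PE file")
    nt = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    n_sections, opt_size = struct.unpack_from("<H12xH", pe, nt + 6)
    opt = nt + 24
    # Data directories start at offset 96 (PE32) or 112 (PE32+) of the optional header.
    dirs = opt + (96 if struct.unpack_from("<H", pe, opt)[0] == 0x10B else 112)
    if struct.unpack_from("<I", pe, dirs - 4)[0] <= CLR_DIR_INDEX:
        return "native"
    clr_rva = struct.unpack_from("<I", pe, dirs + 8 * CLR_DIR_INDEX)[0]
    if clr_rva == 0:
        return "native"
    for i in range(n_sections):  # map the CLR header RVA to a file offset
        vsize, va, rawsize, rawptr = struct.unpack_from(
            "<8x4I", pe, opt + opt_size + 40 * i)
        if va <= clr_rva < va + max(vsize, rawsize):
            flags = struct.unpack_from("<I", pe, clr_rva - va + rawptr + 16)[0]
            return "il-only" if flags & COMIMAGE_FLAGS_ILONLY else "mixed-mode"
    raise ValueError("CLR header RVA is outside every section")

def build_sample(flags=None) -> bytes:
    """Constructed minimal PE32 for testing; flags=None means no CLR header."""
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)   # PE32 magic
    struct.pack_into("<I", opt, 92, 16)     # NumberOfRvaAndSizes
    if flags is not None:
        struct.pack_into("<II", opt, 96 + 8 * CLR_DIR_INDEX, 0x2000, 72)
    img = bytearray(b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40) + b"PE\0\0")
    img += struct.pack("<HH12xHH", 0x14C, 1, len(opt), 0x2102) + opt
    img += struct.pack("<8s4I16x", b".text", 0x1000, 0x2000, 0x200, 0x200)
    img = img.ljust(0x200, b"\0")
    img += struct.pack("<IHH2II", 72, 2, 5, 0, 0, flags or 0).ljust(72, b"\0")
    return bytes(img)
```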

    The attack chain uses Iraq-themed lures

    The attack chain begins with an ISO image file that makes use of Iraq-themed lures to load a custom in-memory downloader.

    The ISO file claims that the academic information is from a nonprofit organization called the Arab Science and Technology Foundation. The ultimate function of the downloader is to install the PowerLess payload. 

    “PowerLess communication to the server is Base64-encoded and encrypted after obtaining a key from the server. To mislead researchers, the threat actor actively adds three random letters at the beginning of the encoded blob,” Check Point said in its report.

    The use of the PowerLess payload by Phosphorus was highlighted by Cybereason in February 2022. The PowerLess payload has the capability to steal data from web browsers and apps like Telegram, take screenshots, record audio, and log keystrokes.
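
    For analysts normalizing captured traffic, the framing quoted above (three random letters in front of a Base64 blob) can be recognized and undone before any decryption work starts. The following is an added example, not code from Check Point or the article: the sample blob is constructed, `MIN_BODY` is an assumed threshold, and the output is still-encrypted bytes because the page does not describe the cipher or key exchange.

```python
import base64
import binascii
import string
from typing import Optional

PREFIX_LEN = 3  # per the report: three random letters precede the encoded blob
MIN_BODY = 24   # assumption: skip short strings that would match by chance

def strict_b64(text: str) -> Optional[bytes]:
    """Decode only well-formed, padded Base64; return None for anything else."""
    if not text or len(text) % 4:
        return None
    try:
        return base64.b64decode(text, validate=True)
    except binascii.Error:
        return None

def classify(blob: str) -> str:
    """Label a captured string as 'plain-b64', 'prefixed-b64' or 'other'."""
    if strict_b64(blob) is not None:
        return "plain-b64"
    prefix, body = blob[:PREFIX_LEN], blob[PREFIX_LEN:]
    if (len(prefix) == PREFIX_LEN
            and all(c in string.ascii_letters for c in prefix)
            and len(body) >= MIN_BODY
            and strict_b64(body) is not None):
        return "prefixed-b64"
    return "other"

def strip_and_decode(blob: str) -> Optional[bytes]:
    """Return the still-encrypted bytes behind the three-letter prefix."""
    if classify(blob) != "prefixed-b64":
        return None
    return strict_b64(blob[PREFIX_LEN:])

# Constructed sample: 32 stand-in "ciphertext" bytes, encoded, then prefixed.
SAMPLE_CT = bytes(range(32))
SAMPLE_BLOB = "qZx" + base64.b64encode(SAMPLE_CT).decode()

if __name__ == "__main__":
    for s in (SAMPLE_BLOB, SAMPLE_BLOB[PREFIX_LEN:], "GET /index.html"):
        print(f"{classify(s):13} {s[:28]}")
```

    The prefix shifts the four-character Base64 grouping by three, so a strict decoder rejects the raw blob and a lenient one returns misaligned bytes; stripping the prefix first restores the alignment.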

    Expect more post-infection activity

    Researchers have warned that the updated version of the malware can lead to more post-infection activities.

    “Because it is an updated version of previously reported malware, PowerLess, associated with some of Phosphorus’ Ransomware operations, it is important to note that it might only represent the early stages of infection, with significant fractions of post-infection activity yet to be seen in the wild,” Check Point said.

    Educated Manticore continues to evolve, refining previously observed toolsets and delivery mechanisms. “The actor is seen adopting popular trends to avoid detection and keeps developing custom toolsets using advanced techniques,” Check Point said in its report.

    Copyright © 2023 IDG Communications, Inc.
