Tag: iran
US Sanctions 6 Iranian Officials for Cyber Espionage Attacks – February 5th
The US Treasury Department's Office of Foreign Assets Control (OFAC) announced sanctions placed on six Iranian officials behind cyberattacks on US critical infrastructure entities. The Treasury Department further stated all six officials have strong involvement in US critical infrastructure attacks using Israel-made programmable logic controllers and are suspected to span the water, healthcare, and public sectors.
Iran targets Western journalists
Hackers with close ties to the intelligence arm of Iran’s military, the Islamic Revolutionary Guard, are now personally targeting journalists, professors, and researchers. According to Microsoft, which detected the new activity, Iran is anxious to gather information on the entire range of Western views regarding the ongoing conflict in the Middle East. “Based on the identities of the targets observed in this campaign and the use of lures related to the Israel-Hamas war, this campaign may be an attempt to gather perspectives on events related to the war from individuals across the ideological spectrum,” says Microsoft. The Iran-backed hackers, known as Mint Sandstorm, a composite name used to describe several subgroups of activity with ties to the Islamic Revolutionary Guard, use a range of new techniques. For example, the hackers use legitimate but compromised email accounts to conduct highly planned phishing attacks against key journalists.
US White House Issues Executive Order to Improve Nation’s Cybersecurity – December 22nd
On December 21st, the U.S. White House issued Executive Order (EO) 14028, "Executive Order on Improving the Nation's Cybersecurity," which emphasized modernizing cybersecurity infrastructure by coding in more secure ways. A more detailed excerpt from the Executive Order stated; "Software engineers, developers, and coders must build secure code and security controls into the code they create. They need to make security by design and security by default software-design requirements."
3,500 Cybercriminals Arrested by Law Enforcement – December 21st
Over 3,500 cybercriminals were arrested and $300M worth of assets were seized by Europol, the South Korean government, along with cooperation from law enforcement agencies from 34 countries on a large-scale sting operation labeled "HAECHI IV". The operation spanning from July to December 2023, targeted predominantly email, e-commerce, and investment cyber fraudsters.
‘Predatory Sparrow’ Cyberattack Shuts Down 70% of Iran’s Gas Stations – December 19th
Threat actor group Gonjeshke Darande, which translates to “Predatory Sparrow” claimed the cyberattacks against Iranian petrol stations, rail networks, and steel factories, according to Iranian State Media. 'Predatory Sparrow', speculated to be linked to Israel, explains the attack to be in response to "the aggression of the Islamic Republic and its proxies in the region".
Storm gathers over the cloud
News of the mass exploitation of ownCloud customers as a result of a zero-day vulnerability follows revelations earlier this month of a critical security vulnerability in Microsoft’s Azure cloud platform. Reports of gaping security flaws in cloud services come at a bad time for cloud service providers in general and Microsoft in particular. The Seattle-based computing giant is currently doing its utmost to persuade the US, UK, and Australian governments that its Azure Government Cloud is the best way for the AUKUS trio to securely update cross-border information and enhance mutual collaboration. This might prove problematic for Microsoft, whose Azure platform was recently proven to have a critical vulnerability, and some of whose government clients suffered a series of serious breaches earlier this year.
Europol Urges Police to Prepare for Quantum Computing – October 26th
Europol released a statement directed to European law enforcement agencies to prepare for the impact quantum computing will have on the cybersecurity ecosystem. This warning is based on Europol's latest report, "The Second Quantum Revolution: The Impact of Quantum Computing and Quantum Technologies on Law Enforcement" which dives into the threats and opportunities of quantum computing to threat actors.
Three-quarters of SMBs hit by serious cyber-attacks
Roughly three-quarters of small-to-medium-sized businesses (SMBs) have experienced a cyber-attack, a breach, or both in the last year. According to non-profit organization the Identity Theft Resource Center (ITRC)’s third annual ITRC Business Impact Report, 73 percent of owners or leaders of SMB’s reported being attacked or breached in the past 12 months, following a slight dip in the previous year.
Beware of Death by a Billion Bots
US corporations lose an average of 4.3 percent of their online revenues to malicious ‘bots,’ malware designed to resemble human communications. Malware attacks of this nature accounts for an average annual loss of $86.5 million a year for corporations with average annual online revenues of $1.9 billion, according to a new report from cybersecurity firm Netacea, “Death by a Billion Bots: The Accumulating Business Cost of Malicious Automation”.
GhostSec exposes Iran’s surveillance of its citizens – August 28th
Hackers hold Prospect Medical's data 'hostage' Hacker group Rhysida has been identified