Over the past three months, authorities have issued warnings about connections between various Iranian threat groups and several significant cybersecurity incidents, including multiple ransomware attacks and a sophisticated social-engineering scheme targeting various groups and individuals.

While not at the same level as Russia and China, Iran's cyber capabilities have increased and improved over the years. Threat groups associated with the country's government have demonstrated the ability to conduct destructive operations as well as cyber-espionage campaigns.

Since July, Iranian cyber groups have been linked to several significant cybersecurity incidents, including:

A large-scale ransomware attack first detected in July targeted infrastructure within Albania's government, which led the country (a NATO member) to cut diplomatic ties with Iran. The Cybersecurity and Infrastructure Security Agency issued a joint statement attributing the attack to a group linked to Iran's government, noting the incident involved "a ransomware-style file encryptor and disk wiping malware."

In September, the U.S. Attorney's Office in New Jersey unsealed an indictment that charged three Iranian nationals with attacking "hundreds" of networks inside and outside the U.S., including health care organizations and government entities, and with trying to extort victims using ransomware.

Also in September, security firm Proofpoint detailed a sophisticated social-engineering campaign allegedly tied to Iran's Revolutionary Guard Corps. In this case, attackers spoofed email addresses associated with legitimate organizations in order to target individuals and gather intelligence on a range of topics, including nuclear arms control.

In the case of this social-engineering campaign, researchers concluded the operation is tied to an Iranian state-sponsored threat actor that the company calls TA453, which is also known by the names Charming Kitten or APT42. What made this campaign unusual is that the spear-phishing emails used multiple fake personas to make the message seem more legitimate. This type of campaign shows Iran is deploying even more complex and intricate techniques to help disguise its motivations, said Sherrod DeGrippo, vice president of threat research and detection at Proofpoint.

"As more awareness and reporting on the group has hardened their traditional targets and increased awareness of them as a threat, TA453 has been forced to innovate their techniques," DeGrippo recently told Dice. "This latest innovation has resulted in their use of multi-persona impersonation, or MPI. Proofpoint has previously observed this technique from advanced business email compromise actors such as TA2520, but TA453's use of MPI is intriguing because it is being used in very targeted attacks and for espionage purposes."

While Russia and China tend to dominate the headlines when it comes to nation-state cyber threats (Russia's recent military invasion of Ukraine has raised the specter of large-scale cyberattacks), countries like Iran and North Korea tend to run under the radar but continue to develop fresh techniques. This, in turn, should make technology professionals take notice.

"If you zoom out and look at the full scope of nation-state activity, Iran has not slowed their efforts. Just like any organized group, their persistence is key to their success, both in the long term and short term," Aubrey Perin, lead threat intelligence analyst at Qualys, told Dice. "Cyber professionals must always remain vigilant, as bad actors are opportunistic. With the rise in global tensions paired with fears of inflation, recession and war, criminal hacking gangs of all kinds likely have no interest in slowing down or stopping operations."

For cybersecurity and technology professionals looking to protect their organizations, these types of nation-state threats are more difficult to detect than financially motivated groups, since espionage requires long-term strategic planning and the ability to remain undetected within compromised networks.

"It is important for organizations to understand their particular risk profile against the various adversarial nation-states to determine the likelihood of being targeted. They need to continue to monitor trusted threat intelligence sources to understand the adversaries that they need to guard against," Michael DeBolt, chief intelligence officer at Intel 471, told Dice. "Also, attacks conducted at the direction of, or in alignment with, a nation-state will be done with a strategic objective in mind and will sometimes be executed in an attempt to influence or respond to geopolitical activities happening in the world. Defenders must pay attention to global events that may spark this type of activity."