Hackers affiliated with the Iranian Ministry of Intelligence and Security are taking advantage of various security vulnerabilities to carry out cyber espionage or other attacks against organizations around the world.
In response, US and British officials have issued a warning about the Iranian hackers.
A joint statement from the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), US Cyber Command’s Cyber National Mission Force (CNMF), and the UK’s National Cyber Security Centre (NCSC) said that the hacking group known as MuddyWater is expanding the scope of its attacks.
The attacks targeted telecommunications, defense, local government, and oil and natural gas companies in Asia, Africa, Europe, and North America.
According to the release, through such attacks the hackers have been stealing passwords from the targeted organizations or individuals and obtaining sensitive information. “Even though the state is protected, such hacking is like any other bad hacking,” the statement said.
In this way, they not only gain access to sensitive data but also install ransomware on the devices of the affected person or organization.
Most of these attacks have been found to be phishing attacks, used to deliver zip files to the victim’s device and then install malware on it.
Campaigns such as MuddyWater have been found to use a wide variety of malware loaders, including a new version of the PowGoop malware.
A Python backdoor called ‘Small Sieve’ has also been found in use. It is installed on the system under a file name associated with Microsoft’s Windows Defender.
This makes it harder for the user to spot the malware. The release states that hackers such as MuddyWater are attacking using malware such as loaders and backdoors.
The statement added that the Iranian hackers were also using ‘Canopy’ malware. In this case, the hackers obtain the victim’s password through phishing emails.
The agencies have also discovered a new PowerShell backdoor, dubbed ‘Lightweight’. It connects the compromised device to the attackers’ command-and-control server.
Iranian hackers are said to be carrying out such attacks, taking advantage of security vulnerabilities in various operating systems, software, and firmware.