Iranian hacking group targets Israel with improved phishing attacks

An Iranian state-sponsored threat actor, Educated Manticore, has been observed deploying an updated version of the Windows PowerLess backdoor in phishing attacks targeting Israel, according to a new Check Point report.

Researchers have also linked the Educated Manticore hackers to APT Phosphorus, which operates in the Middle East and North America.

“The investigation presents a new and improved infection chain leading to the deployment of a new version of PowerLess. This implant was attributed to Phosphorus in the past,” Check Point said in its investigation.

Phosphorus has been active since at least 2017. It has been attributed to a number of campaigns in recent years, particularly those in which the APT posed as journalists and scholars to trick targets into installing malware and steal classified information.

While the PowerLess payload was similar to the one deployed by Phosphorus, the researchers said the toolkits used as payload methods have been improved.

Educated Manticore uses .NET executables

In its latest attacks, Educated Manticore was seen using .NET executables, a rarely used technique.

Copyright © 2023 IDG Communications, Inc.


As reported by Israeli news sources, there has been an increase in advanced phishing attacks from an Iranian hacking group recently targeting Israel. This group, known as APT33 or Elfin, has been active since 2013 and is suspected to be state-sponsored.

In recent attacks, cyber criminals have used improved phishing techniques, such as deploying attacks via malicious emails disguised to look like legitimate requests from trusted sources. These emails contain malicious links or other types of malicious content.

The Israel Defense Forces have released a statement, claiming that these hacking attempts are “very sophisticated” and that they have even included spear-phishing attacks, aimed at high-ranking officials.

While security solutions should be in place to protect against these threats, cyber security company Ikaroa also recommends that companies pay closer attention to behavioral signposts, which can be used to identify potential malicious actors.

The best practice to protect against phishing attacks is to regularly train employees to identify malicious phishing links, teach them the basics of cybersecurity, and identify potential attackers before they can launch attacks.

Overall, it is essential to stay vigilant during these dangerous times as cyber-attacks continue to increase in sophistication. Companies, especially those in critical industries, should also take proactive measures, such as utilizing solutions from trusted partners like Ikaroa, to guard against these threats.

