“In 2018, the code was very simple, but it has become very sophisticated. “The malware has evolved a lot over the years,” Dahan noted. The authors of ShellClient invested a lot of effort into making it stealthy to evade detection by antivirus and other security tools by leveraging multiple obfuscation techniques and recently implementing a Dropbox client for command and control, making it very hard to detect. The campaign leverages a very sophisticated and previously undiscovered Remote Access Trojan (RAT) dubbed ShellClient that evades antivirus tools and other security apparatus and abuses the public cloud service Dropbox for command and control (C2), the report said.

We don’t know how many victims there were before 2018.” Cybereason said it had updated affected organizations and relevant security officials on the attack, but the extent of the actual damage caused has not yet been clarified. We assess that they have been able to exfiltrate large amounts of data over the years: gigabytes, or even terabytes. The fact that they were able to stay under the radar for three years shows their level of sophistication.

“While other Iranian groups are involved with more destructive acts, this one is focused on gathering information. “This was a very sophisticated operation that has all the hallmarks of a state-sponsored attack,” Dahan said. The potential risk inherent in such an assault campaign is large and significant for the State of Israel and may pose a real threat. This is a sophisticated Iranian attacker who acted professionally according to a considered and calculated strategy. “From the few traces left behind by the attackers, it is clear that they acted carefully and selected their victims thoroughly. Deep investigative work found that this is just one part of an entire Iranian intelligence campaign that has been conducted in secret and under the radar for the past three years.

“During the incident and after installing our technology on the organization’s computers, we identified sophisticated and new damage that has yet to be seen or documented. “The investigation began after Cybereason’s Incident Response Research Team was called in to assist one of the attacked companies,” Dahan said. The campaign has been running since at least 2018, and has likely succeeded in gathering large amounts of data from carefully chosen targets, Dahan said. Cybereason identified the previously unknown state actor, dubbed MalKamak, running a sophisticated new form of malware that was previously unknown, during an incident response call for one of its clients, said Assaf Dahan, head of the cyberthreat research group at Cybereason.

Shafaq News/ Iranian threat actors are running a highly targeted cyberespionage operation against global aerospace and telecommunications companies, stealing sensitive information from targets around Israel and the Middle East, as well as in the United States, Russia and Europe, according to a report published Wednesday by Israeli cybersecurity company Cybereason.