Tag: iran
-
Israel Enters ‘Stage 3’ of Cyber Wars With Iran Proxies
by
in SecurityNews
While Israel and Iranian proxies fight it out IRL, their conflict in cyberspace has developed in parallel. These days attacks have decelerated, but advanced in sophistication.
First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/israel-stage-3-cyber-wars-with-iran-proxies
-
Iran’s MOIS-Linked APT34 Spies on Allies Iraq & Yemen
by
in SecurityNews
The Islamic Republic is keeping its enemies close and its friends closer, with espionage attacks aimed at nearby neighbors.
First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/irans-mois-linked-apt34-spies-allies-iraq-yemen
-
New IOCONTROL Malware Let Attackers Control Critical Infrastructure Gain Remote Access
by
in SecurityNews
A new malware strain called IOCONTROL has emerged, posing a significant threat to Internet of Things (IoT) devices and operational technology (OT) systems, particularly those in critical infrastructure. First observed in December 2024, IOCONTROL is allegedly created by the anti-Israeli and pro-Iranian hacktivist group Cyber Av3ngers.
-
Windows shortcut exploit used as a 0-day by state hackers since 2017
by
in SecurityNews
Security researchers at the Trend Micro Zero Day Initiative (ZDI) point to a 0-day vulnerability (ZDI-CAN-25373) in Windows that has apparently been exploited since 2017 by 11 state-backed hacker groups from North Korea, Iran, Russia and China. Microsoft has the vulnerability in shortcut files …
First seen on borncity.com Jump to article: www.borncity.com/blog/2025/03/20/windows-shortcut-exploit-seit-2017-von-staatlichen-hackers-als-0-day-genutzt/
-
State-Backed Hackers Exploiting Windows Zero-Day Since 2017
by
in SecurityNews
At least 11 state-sponsored hacking groups from North Korea, Iran, Russia, and China have been actively exploiting a newly uncovered Windows zero-day vulnerability in cyber espionage and data theft attacks since 2017. Despite clear evidence of exploitation, Microsoft has declined…
First seen on sensorstechforum.com Jump to article: sensorstechforum.com/zdi-can-25373-zero-day-exploited-since-2017/
-
New Windows zero-day feared abused in widespread espionage for years
by
in SecurityNews
The zero-day vulnerability, tracked as ZDI-CAN-25373, has yet to be publicly acknowledged and assigned a CVE-ID by Microsoft. ZDI-CAN-25373 has to do with the way Windows displays the contents of .lnk files, a type of binary file used by Windows to act as a shortcut to a file, folder, or application, through the Windows UI. A…
-
Hackers exploit old Windows vulnerability, Microsoft does nothing
by
in SecurityNews
Tags: bug, bug-bounty, china, cyberattack, exploit, germany, hacker, iran, microsoft, military, north-korea, update, vulnerability, windows
Experts at the security company Trend Micro have discovered a vulnerability in Windows, designated ZDI-CAN-25373, that attackers have been exploiting since at least 2017. Through the flaw, attackers can execute malicious code on affected Windows machines if the user visits a compromised web page or opens an infected file. The flaw lies in the way Windows processes .lnk files (shortcut files). Attackers can … command-line commands that…
-
New Windows zero-day exploited by 11 state hacking groups since 2017
by
in SecurityNews
At least 11 state-backed hacking groups from North Korea, Iran, Russia, and China have been exploiting a new Windows vulnerability in data theft and cyber espionage zero-day attacks since 2017.
First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-windows-zero-day-exploited-by-11-state-hacking-groups-since-2017/
-
Unpatched Windows Zero-Day Flaw Exploited by 11 State-Sponsored Threat Groups Since 2017
by
in SecurityNews
An unpatched security flaw impacting Microsoft Windows has been exploited by 11 state-sponsored groups from China, Iran, North Korea, and Russia as part of data theft, espionage, and financially motivated campaigns that date back to 2017. The zero-day vulnerability, tracked by Trend Micro’s Zero Day Initiative (ZDI) as ZDI-CAN-25373, refers to an issue that allows bad…
-
Groups From China, Russia, Iran Hitting OT Systems Worldwide
by
in SecurityNews
Threat Groups Are Mapping OT Networks for Future Targeting, Warns Dragos. A China-linked threat group called Voltzite is targeting operational technology systems at critical infrastructure organizations worldwide to steal network diagrams, OT operating instructions and information about geographic information systems, said cybersecurity firm Dragos.
First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/groups-from-china-russia-iran-hitting-ot-systems-worldwide-a-27722
-
Russia, China, North Korea and Iran – states benefit from financially motivated cybercrime
by
in SecurityNews
First seen on security-insider.de Jump to article: www.security-insider.de/google-mandiant-anstieg-finanziell-motivierter-cyberangriffe-a-74abaf676d92e40033d97f21784161f4/
-
CISOs must address OT risks more strongly
by
in SecurityNews
Tags: china, ciso, cyber, cyberattack, exploit, firewall, hacker, infrastructure, Internet, iran, kev, kritis, military, ransomware, risk, technology, update, vulnerability
As attacks on OT environments increase, CISOs should adopt an exposure management approach. Threats against the operational technology (OT) of critical infrastructure (KRITIS) are continuously intensifying. China is building offensive components into American military and corporate networks. In addition, Chinese hackers have infiltrated telecommunications companies and internet service providers in order to spy on civilians. For a number of years, that is, well before the war of aggression, …
-
Breach Roundup: US Sanctions Iran-Based Nemesis Admin
by
in SecurityNews
Also, BianLian Ransomware Hackers Aren’t Really Mailing You. This week, the U.S. sanctioned the Nemesis admin, Poco RAT spotted in Latin America, Apple challenged a British order to weaken encryption and the FBI warned against scam letters purportedly from BianLian. Also, a Nigerian tax scammer extradited to the U.S., a new botnet and a Webex…
-
Identifying Cyber Attack Patterns Through Threat Actor Infrastructure Analysis
by
in SecurityNews
Kudelski Security Research recently published an article detailing advanced methods for tracking and analyzing threat actor infrastructure, providing valuable insights into cyber attack patterns and attribution techniques. Decoding Threat Actor Infrastructure: A Case Study. The research team demonstrated their approach using a phishing campaign targeting U.S. and Israeli government officials, attributed to the Iranian group…
-
Iranian Hackers Target UAE Firms With Polyglot Files
by
in SecurityNews
An Iranian threat actor was seen targeting UAE organizations with polyglot files to deliver a new backdoor named Sosano. The post Iranian Hackers Target UAE Firms With Polyglot Files appeared first on SecurityWeek.
First seen on securityweek.com Jump to article: www.securityweek.com/iranian-hackers-target-uae-firms-with-polyglot-files/
-
U.S. Cracks Down on Nemesis Darknet Admin with New Treasury Sanctions
by
in SecurityNews
The U.S. Department of the Treasury has intensified its global campaign against darknet-facilitated drug trafficking by sanctioning Behrouz Parsarad, the Iran-based administrator of the notorious Nemesis Marketplace. The move, announced on March 5, 2025, follows a 2024 international law enforcement operation that dismantled the platform, which enabled over $30 million in illicit drug sales, including…
-
US Sanctions Iranian Administrator of Nemesis Darknet Marketplace
by
in SecurityNews
Iranian national Behrouz Parsarad sanctioned for running Nemesis, a marketplace used for narcotics trafficking and cybercrime. The post US Sanctions Iranian Administrator of Nemesis Darknet Marketplace appeared first on SecurityWeek.
First seen on securityweek.com Jump to article: www.securityweek.com/us-sanctions-iranian-administrator-of-nemesis-darknet-marketplace/
-
Iran linked to more than 20 plots to kill or kidnap British citizens and residents
by
in SecurityNews
The Iranian regime “has become increasingly emboldened, asserting itself more aggressively,” including kidnapping and murder plots, said Dan Jarvis, the U.K. government’s security minister.
First seen on therecord.media Jump to article: therecord.media/iran-britain-kidnapping-murder-plots-dan-jarvis-mi5
-
More than 86K IoT devices compromised by fast-growing Eleven11 botnet
by
in SecurityNews
The Iran-linked botnet has a large presence in the U.S. and is targeting telecom and other firms with DDoS attacks.
First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/86000-iot-compromised-eleven11-botnet/741507/
-
Treasury sanctions Iranian national behind defunct Nemesis darknet marketplace
by
in SecurityNews
The Iran-based administrator behind a darknet marketplace was sanctioned by the Treasury Department on Tuesday, one year after the platform was taken down in a law enforcement operation.
First seen on therecord.media Jump to article: therecord.media/iran-national-sanctioned-nemesis-marketplace
-
Suspected Iran-backed hackers target UAE with newly discovered ‘Sosano’ malware
by
in SecurityNews
Researchers say they spotted new backdoor malware that suspected Iranian regime-backed hackers have aimed at sectors such as aviation, satellite communications and critical transportation infrastructure in the United Arab Emirates.
First seen on therecord.media Jump to article: therecord.media/sosano-malware-targets-uae-iran-suspected
-
Suspected Iranian Hackers Used Compromised Indian Firm’s Email to Target U.A.E. Aviation Sector
by
in SecurityNews
Threat hunters are calling attention to a new highly-targeted phishing campaign that singled out “fewer than five” entities in the United Arab Emirates (U.A.E.) to deliver a previously undocumented Golang backdoor dubbed Sosano. The malicious activity was specifically directed against aviation and satellite communications organizations, according to Proofpoint, which detected it in late October
First seen…
-
US Cybercom, CISA retreat in fight against Russian cyber threats: reports
by
in SecurityNews
Tags: apt, blizzard, china, cisa, cyber, cybersecurity, data, government, group, hacker, infrastructure, international, iran, lockbit, microsoft, ransomware, risk, risk-management, russia, threat
Purported shift at CISA away from reporting on Russian threats: Shortly after The Record issued its report, The Guardian reported that the US Cybersecurity and Infrastructure Security Agency (CISA) sent an internal memo setting out new priorities for the agency, including China but excluding Russia. One source said analysts at the agency were verbally informed…
-
Massive Iran-linked botnet launches DDoS attacks against telecom, gaming platforms
by
in SecurityNews
Researchers from Nokia Deepfield and GreyNoise warn the botnet has grown to more than 30,000 devices.
First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/massive-iran-botnet-ddos-telecom/741359/
-
Microsoft Names Suspects in Lawsuit Against AI Hackers
by
in SecurityNews
In a lawsuit targeting cybercriminals who abuse AI services, Microsoft has named individuals from Iran, the UK, China and Vietnam. The post Microsoft Names Suspects in Lawsuit Against AI Hackers appeared first on SecurityWeek.
First seen on securityweek.com Jump to article: www.securityweek.com/microsoft-names-suspects-in-lawsuit-against-ai-hackers/
-
Nico Lange: ‘Cybersecurity is a question of defense’
by
in SecurityNews
Tags: ai, china, conference, cyberattack, cybercrime, cyersecurity, germany, governance, government, infrastructure, iran, north-korea, risk, ukraine, usa
Munich Security Conference Live Studio powered by APCO in Munich, Germany on February 15, 2025. (Photo by Christopher Pike / christopherpike.com) APCO.
According to the Munich Security Index, what are the biggest risks for Europe in 2025?
Well, I think the biggest risk lies in so-called multipolarization. Europe will have difficulty continuing its business model, which is based on the…
-
APT Groups Using Ransomware ‘Smokescreen’ for Espionage
by
in SecurityNews
Russian, Iranian and Chinese APTs Among Most Active Ransomware Collaborators. Security researchers are increasingly finding it challenging to attribute cyberattacks due to surging cooperation between nation-state hackers and ransomware groups, especially for espionage purposes. They say it reflects the blurring of the lines between state-directed and criminal activities.
First seen on govinfosecurity.com Jump to article:…
-
Threat Actors in Russia, China, and Iran Targeting Local communities in the U.S
by
in SecurityNews
Foreign adversaries, including Russia, China, and Iran, are intensifying their efforts to manipulate public opinion and destabilize local communities across the United States. These campaigns, once primarily focused on national-level politics, have increasingly targeted state and local governments, community groups, and individuals. Leveraging advanced technologies such as generative artificial intelligence (AI), these actors aim to…