Information Security News mailing list archives

Oil be damned: Iran-based crooks flinging malware at Middle Eastern energy plants again - research


From: InfoSec News <alerts () infosecnews org>
Date: Fri, 6 Dec 2019 08:46:04 +0000 (UTC)

https://www.theregister.co.uk/2019/12/05/iran_zerocleare_attack/

By Shaun Nichols in San Francisco
The Register
5 Dec 2019

An Iran-based hacking crew long known to target energy facilities in neighboring Middle Eastern countries is believed to be launching new attacks.

The team at IBM's X-Force said an actively spreading malware package dubbed ZeroCleare looks to be in part the work of APT34, a hacking crew commonly accepted to be operating out of Iran.

According to researchers, APT34 and another crew from Iran have been using poisoned VPN nodes to get onto machines located at energy facilities in the region. In at least one case so far, they were successful.

"The attack timeline may have begun as early as Autumn of 2018 with reconnaissance scanning from various low-cost/free VPN providers and gaining access to one of the accounts that was later involved in the attack," the X-Force report reads.

[...]



--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_

