Hacking Group Linked To Hezbollah Reportedly Hacked Into Telecoms and ISPs Around The World


Lebanese Cedar, a Hezbollah-affiliated group, is accused of hacking at least 250 telecom operators and internet providers in several countries, notably the US, Lebanon, the UK, Saudi Arabia, Israel, Egypt, Jordan, the UAE and the Palestinian Authority.

According to ClearSky Security, suspicious network activity and hacking tools were found across a range of businesses in early 2020.

“Extensive forensics of the infected systems revealed a strong connection to a threat actor we call ‘Lebanese Cedar’ who has been active since 2012,” the cybersecurity agency said in its report published on Thursday.

According to the report, the goal of the Hezbollah-affiliated group is to gather intelligence and steal databases.

“The attacks followed a simple pattern. Lebanese Cedar operators used open-source hacking tools to scan the Internet for unpatched Atlassian and Oracle servers, then used exploits to access the server and install a web shell for future access,” explains ClearSky.

ClearSky added that “the Hezbollah-linked group then used these web shells to attack a company’s internal network, from which they exfiltrated private documents.”


ClearSky revealed that once the group gained access, they installed web shells (ASPXSpy, Caterpillar 2, Mamad Warning) as well as an open-source tool called JSP File Browser.

On internal networks, the attackers deployed a tool called the Explosive remote access trojan (RAT), which specializes in data interception, ClearSky said.

ClearSky noted that they were able to link the hacks to the Hezbollah cyber unit because the Explosive RAT has so far been used exclusively by the Lebanese Cedar group.

Mistakes made by the Hezbollah-affiliated group, such as reusing files during break-ins, also made it easier for ClearSky researchers to track the attacks around the world and link them to the group.


ClearSky has published a list of some of the victims of the hack, including SaudiNet in Saudi Arabia, Vodafone Egypt, Frontier Communications in the US and Etisalat UAE.

Extensive details can be read in it cyber security…