Tag Archive for: cyberspy

Iranian Cyberspy Caught on Zoom Trying to Hack U.S. Target


Image: Iran hacker video phishing attempt. Credit: Adobe Stock

Last month, a U.S. academic logged into a Zoom meeting with “Samuel Valable.” The academic had heard from “Valable” via a LinkedIn account, suggesting the two meet. When the academic logged on, the figure on the other end came through in grainy stills, blaming a bad internet connection for his lack of live footage. Midway through the conversation, he dropped what appeared to be a Google Books link into the Zoom chat. “This is the book that I use as my main material. It’s down here. I sent it in the little chat box,” says “Valable” in the video as a web link with the name “googlebook” appears in the Zoom chat window.

The academic became suspicious, and thanks to some quick thinking — and with the help of a group of cybersecurity researchers — they’ve captured the first known public live-action recording of an Iranian cyber-spy at work.

The real Samuel Valable, a French biologist, was nowhere near the Zoom call. Instead, the academic was Zooming with a member of “Charming Kitten,” a cybersecurity industry nickname for a group of hackers affiliated with Iran’s Islamic Revolutionary Guard Corps intelligence organization. And the “Google Book” link was actually a phishing link designed to trick users into “signing in” to a real-looking Google Accounts page and steal their password.

The U.S. academic — who shared the story on the condition of anonymity — wasn’t fooled. Instead, they recorded the call and sent it to the Computer Emergency Response Team in Farsi (CERTFA), a cybersecurity research group that tracks Iranian hackers. The fake links used by the hackers pointed to infrastructure previously used by and attributed to Charming Kitten.   

Live-action role playing by a trained, English-speaking impersonator over Zoom represents the next phase of an evolving Iranian hacking campaign. The “Distinguished Impersonator” tactic, first identified by CERTFA, moves past traditional tricks like phishing emails and instead presents targets with a more reassuring lure: a talking, seemingly authentic representation of a trusted public…

If you can crack the code on the new 50 cent coin, the Australian cyber-spy agency wants to hear from you | Katherine Times


A new 50 cent coin, released by the Royal Australian Mint today, celebrates the importance of code breaking and evolution of signals intelligence – and if you can work out what is written on the coin, the Australian cyber-spy agency wants to hear from you.

Cyberspy group repurposes 12-year-old Bifrose backdoor

A group of hackers that primarily targets companies from key industries in Asia is using heavily modified versions of a backdoor program called Bifrose that dates back to 2004.

The group, which researchers from antivirus vendor Trend Micro call Shrouded Crossbow, has been targeting privatized government organizations, government contractors and companies from the consumer electronics, computer, healthcare, and financial industries since 2010.

The group’s activities are evidence that engaging in cyberespionage doesn’t always require huge budgets, stockpiles of zero-day vulnerabilities and never-before-seen malware programs. Old cybercrime tools can be repurposed and improved for efficient attacks.

Network World Security

Meet Red October, the latest cyber-spy malware for digital espionage

In October 2012, Kaspersky Lab began looking into yet another digital espionage attack that has been ongoing since 2007. Yesterday, the security firm said the “Red October” campaign targeted “diplomatic and governmental agencies of various countries across the world, in addition to research institutions, energy and nuclear groups, and trade and aerospace targets” for the last five years. However, “Kaspersky…
Ms. Smith’s blog