Tag Archive for: tied

Fuel Crisis In Iran: Cyberattack Hits Petrol Pumps, Israel Tied To Hacking


(MENAFN– AsiaNet News) A cyber crisis surfaced in Iran as a hacking group, purportedly from Israel, allegedly disrupted a significant portion of the country’s gas stations. Termed “Gonjeshke Darande” or “predatory sparrow,” this group reportedly executed a disabling maneuver, causing approximately 70% of Iran’s gas stations to cease operations, reported the Times of Israel.

The disruption, flagged as a probable case of sabotage involving cyberattacks, was highlighted on Iranian state TV. It attributed the station irregularities to a “software problem” and advised citizens against rushing to the operational stations.


Previously, the Gonjeshke Darande faction had targeted a key steel company in Iran’s southwest in 2022. They also claimed responsibility for a cyber assault on the country’s fuel distribution system in 2021, which led to widespread station closures and extensive queues of frustrated motorists.

The hackers behind the recent incident asserted that they had systematically disabled gas pumps across Iran. Their motivation was cited as a reaction to what they deemed as the Islamic Republic’s aggressive actions in the region. Additionally, they issued a cautionary message to Khamenei, implying consequences for what they termed as playing with fire.

This development unfolds amidst escalated conflicts involving Iran-backed entities such as Hezbollah in Lebanon and the Houthis in Yemen, engaging in heightened hostilities against Israel, especially during the ongoing war with Hamas.

Iran has grappled with a slew of cyber assaults on various fronts, targeting its filling stations, railways, and industrial sectors. Instances of breaching surveillance cameras in government buildings, including prisons, have been reported in the past. Moreover, the country took measures to isolate much of its government infrastructure from the internet after the Stuxnet computer virus, believed to be a US-Israeli creation, disrupted thousands of Iranian centrifuges at nuclear sites in the late 2000s.


Router botnet tied to Volt Typhoon’s critical infrastructure breaches


Chinese threat group Volt Typhoon used a sophisticated botnet of unsecured home and small business routers to stealthily transfer data during a major campaign targeting U.S. critical infrastructure discovered earlier this year.

The group’s actions raised alarm in the intelligence community when they were first reported in May because of the breadth and potential impact of its attacks. Organizations across a range of sectors, including government, defense, communications, IT and utilities were targeted.

One victim was a critical infrastructure organization in the U.S. territory of Guam. There were fears the breach could be a precursor to an attack aimed at disrupting U.S. military capabilities in the nearby South China Sea.

KV-botnet comprised of end-of-life routers

In a Dec. 13 post, Lumen Technologies said following the discovery of the attacks, its Black Lotus Labs division discovered Volt Typhoon — and possibly other advanced persistent threat (APT) actors — had used a botnet as a data transfer network as part of its operations.

Dubbed KV-botnet, it was a network of mainly end-of-life infected small office/home office (SOHO) routers made by Cisco, DrayTek and Netgear.

“The KV-botnet features two distinct logical clusters, a complex infection process and a well-concealed command-and-control (C2) framework,” the researchers said. “The operators of this botnet meticulously implement tradecraft and obfuscation techniques.”

There were several advantages of building a botnet from older SOHO routers, they said, including the large number available, the lack of security measures and patching they were subjected to, and the significant data bandwidth they could handle without raising suspicion.

“Additionally, because these models are associated with home and small business users, it’s likely many targets lack the resources and expertise to monitor or detect malicious activity and perform forensics.”

In a separate statement, Lumen said KV-botnet had enabled Volt Typhoon to maintain secret communication channels that merged with normal network traffic, avoiding security barriers and firewalls.

“This botnet was essential for their strategic intelligence collection operations,…


Hack of Egyptian presidential candidate’s iPhone tied to tech firm Sandvine


Attempts to hack the iPhone of a presidential candidate in Egypt have been linked to the computer networking company Sandvine Inc., whose equipment has previously been used by Belarus and other countries to censor the internet.

Ahmed Eltantawy, a prominent opposition politician, was repeatedly targeted with spyware between May and September after he announced his plans to run in Egypt’s 2024 presidential elections. (REUTERS)

Ahmed Eltantawy, a prominent opposition politician, was repeatedly targeted with spyware between May and September after he announced his plans to run in Egypt’s 2024 presidential elections, according to an analysis from the University of Toronto’s Citizen Lab. After conducting a forensic examination of the device, the researchers concluded with “high confidence” that the Egyptian government was behind the attempted hacks.

His phone blocked the hacking attempts because it was in a “lockdown mode,” but it turned out he had been successfully infected two years earlier with a spyware known as Predator, manufactured by North Macedonian surveillance technology firm Cytrox, the researchers found. That hack was carried out via a text message containing a link to a Predator website, according to the researchers.

In the attempted hacks, Eltantawy was lured into clicking links contained in fake security alerts that purported to be from the messaging service WhatsApp. His phone was silently redirected to a malicious website, and spyware was supposed to be “injected” onto his phone with the help of technology sold by Sandvine, according to Citizen Lab’s report.

“The use of mercenary spyware to target a senior member of a country’s democratic opposition after they had announced their intention to run for president is a clear interference in free and fair elections,” Citizen Lab wrote in its report.

Sandvine “does not make, sell or collaborate with spyware or malware vendors,” according to an emailed statement provided to Bloomberg, which also said its products were not “capable of injecting malware or spyware.” The statement referred instead to a technique called “packet redirection,” which it said was a capability “sold by all…


Hack of Egyptian Politician’s iPhone Tied to Tech Firm Sandvine


(Bloomberg) — A hack that compromised the iPhone of a presidential candidate in Egypt has been linked to the computer networking company Sandvine Inc., whose equipment has previously been used by Belarus and other countries to censor the internet.


Ahmed Eltantawy, a prominent opposition politician, had his phone breached between May and September after he announced his plans to run in Egypt’s 2024 presidential elections, according to an analysis from the University of Toronto’s Citizen Lab. After conducting a forensic examination of the device, the researchers concluded with “high confidence” that the Egyptian government was behind the hack.

Eltantawy’s phone was infected with a spyware known as Predator, manufactured by North Macedonian surveillance technology firm Cytrox, the researchers found. He was lured into clicking links contained in fake security alerts that purported to be from the messaging service WhatsApp. His phone was silently redirected to a malicious website, and spyware was “injected” onto his phone with the help of technology sold by Sandvine, according to Citizen Lab’s report.

Sandvine “does not make, sell or collaborate with spyware or malware vendors,” according to an emailed statement provided to Bloomberg, which also said its products were not “capable of injecting malware or spyware.” The statement referred instead to a technique called “packet redirection,” which it said was a capability “sold by all major vendors in the space and used millions of times a day.”

“Sandvine makes products for telecom companies that enable the internet to function and to ensure that citizens have high quality access to information worldwide,” according to the statement.

Representatives from Cytrox and the Egyptian government didn’t respond to requests for comment.

Sandvine, originally founded in Canada, was acquired by San Francisco-based private equity firm Francisco Partners and combined with Procera Networks in 2017, in a deal worth $444 million. The company makes equipment, known as “deep packet inspection” technology, that can be used to manage massive flows of internet traffic passing between networks. The…
