Elfin Hacking Group Targets Multiple U.S. and Saudi Arabian Firms

March 28, 2019
in Internet Privacy

Credit: The Hacker News

An Iran-linked cyber-espionage group that was found targeting critical infrastructure, energy and military sectors in Saudi Arabia and the United States two years ago continues to target organizations in both countries, Symantec reported on Wednesday.

Widely known as APT33, and tracked by Symantec as Elfin, the cyber-espionage group has been active since at least late 2015 and has targeted a wide range of organizations, including government, research, chemical, engineering, manufacturing, consulting, finance and telecommunications, in the Middle East and elsewhere.

Symantec has monitored Elfin's attacks since the beginning of 2016 and found the group running a heavily targeted campaign against multiple organizations: of the most recently observed attacks, 42% were against Saudi Arabia and 34% against the United States.

Elfin targeted a total of 18 American organizations in the engineering, chemical, research, energy consultancy, finance, IT and healthcare sectors over the past three years, including a number of Fortune 500 companies.

“Some of these U.S. organizations may have been targeted by Elfin for the purpose of mounting supply chain attacks,” Symantec said in its blog post. “In one instance, a large U.S. company was attacked in the same month a Middle Eastern company it co-owns was also compromised.”

Hackers Still Exploiting Recently Discovered WinRAR Flaw

The APT33 group has also been exploiting a recently disclosed critical vulnerability (CVE-2018-20250) in the widely used WinRAR archiver. A crafted archive that looks harmless can, on extraction, silently write a malicious file into the Windows Startup folder instead of the destination the user chose, so the file runs with that user's privileges at the next logon and gives the attacker arbitrary code execution on the targeted computer.

The WinRAR team patched the vulnerability last month, but it was found being actively exploited by various hacking groups and individual attackers as soon as its details and proof-of-concept (PoC) exploit code went public.

In the APT33 campaign, the exploit was used against an organization in the chemical sector in Saudi Arabia: two of its users received, via spear-phishing email, a file that attempted to trigger the WinRAR vulnerability.
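As an added example, not code from the article, Symantec or WinRAR, the following Python shows the bug class behind the WinRAR flaw described above in its naive and hardened forms: an extractor that trusts the entry name stored inside the archive can be steered into writing outside the directory the user chose, for instance into the per-user Startup folder. The extraction directory, entry names and helper names are constructed for this illustration and are not taken from any real exploit archive; the hardened check is a general one for any archive format rather than a description of WinRAR's own ACE handling.

```python
"""
Added illustration of archive path traversal (the class of bug behind
CVE-2018-20250). Everything here is constructed for the example: the
extraction directory, the entry names and the helper names.
"""
import ntpath

# Constructed: the directory the user picked in the extraction dialog.
EXTRACT_DIR = r"C:\Users\bob\Downloads"

# Constructed entry names as they might appear in archive file headers.
# Windows runs anything placed in this per-user Startup folder at next logon.
STARTUP_REL = r"AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
SAMPLE_ENTRIES = [
    "report.pdf",                                       # benign
    "docs/readme.txt",                                  # benign, forward slashes
    "..\\" + STARTUP_REL + "\\update.exe",              # parent-directory hop
    "C:\\Users\\bob\\" + STARTUP_REL + "\\update.exe",  # absolute path
    "\\\\fileserver\\share\\update.exe",                # UNC path
]


def naive_target(extract_dir, entry_name):
    """The unsafe pattern: join and normalise, trusting the entry name."""
    return ntpath.normpath(ntpath.join(extract_dir, entry_name))


def _inside(root, target):
    """True if target is root or below it (both already normalised)."""
    try:
        return ntpath.commonpath([root, target]) == root
    except ValueError:          # different drive, or UNC vs local: outside
        return False


def naive_escapes(extract_dir, entry_name):
    """Does the unsafe join land outside the extraction directory?"""
    root = ntpath.normpath(extract_dir)
    return not _inside(root, naive_target(extract_dir, entry_name))


def safe_target(extract_dir, entry_name):
    """Hardened form: reject absolute, drive-qualified and UNC names and any
    '..' component, then re-check containment after normalisation.
    Raises ValueError for a name that must not be extracted."""
    name = entry_name.replace("/", "\\")
    drive, rest = ntpath.splitdrive(name)
    if drive or rest.startswith("\\"):
        raise ValueError("absolute, drive-qualified or UNC entry name")
    parts = [p for p in rest.split("\\") if p not in ("", ".")]
    if not parts:
        raise ValueError("empty entry name")
    if ".." in parts:
        raise ValueError("parent-directory traversal in entry name")
    root = ntpath.normpath(extract_dir)
    target = ntpath.normpath(ntpath.join(root, *parts))
    if not _inside(root, target):   # belt and braces after normalisation
        raise ValueError("entry resolves outside the extraction directory")
    return target


def classify(extract_dir, entry_name):
    """'ok' or 'blocked: <reason>' for one entry under the hardened check."""
    try:
        safe_target(extract_dir, entry_name)
        return "ok"
    except ValueError as exc:
        return f"blocked: {exc}"


def audit(extract_dir, entries):
    """For every entry: (does the naive join escape?, hardened verdict)."""
    return {e: (naive_escapes(extract_dir, e), classify(extract_dir, e))
            for e in entries}


if __name__ == "__main__":
    for entry, (escapes, verdict) in audit(EXTRACT_DIR, SAMPLE_ENTRIES).items():
        flag = "ESCAPES" if escapes else "stays  "
        print(f"{flag}  {verdict:<55} {entry}")
```

The naive join lets the last three constructed entries land outside `C:\Users\bob\Downloads` (one of them directly in the Startup folder), while the hardened check rejects each of them before anything is written. `ntpath` is used so the Windows path semantics are reproduced on any platform; a real extractor should also apply the check after any character substitution or name sanitisation it performs, since it is the final path that matters.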

Symantec is not the only firm to have spotted attacks exploiting the WinRAR flaw; FireEye also identified four separate campaigns using it to install password stealers, trojans and other malware.

APT33 has also deployed a wide range of custom malware, including the Notestuk backdoor (aka TURNEDUP), the Stonedrill Trojan and a backdoor written in AutoIt.

Besides its custom malware, APT33 also used several commodity malware tools, including Remcos, DarkComet, Quasar RAT, Pupy RAT, NanoCore, and NetWeird, along with many publicly available hacking tools, like Mimikatz, SniffPass, LaZagne, and Gpppassword.

APT33/Elfin Links to Shamoon Attacks

In December 2018, a new wave of Shamoon attacks hit the energy sector; one of the victims, a company in Saudi Arabia, had also been infected with the Stonedrill malware used by Elfin, which led to speculation that APT33 was behind the Shamoon attacks.

“One Shamoon victim in Saudi Arabia had recently also been attacked by Elfin and had been infected with the Stonedrill malware used by Elfin. Because the Elfin and the Shamoon attacks against this organization occurred so close together, there has been speculation that the two groups may be linked,” Symantec said.

“However, Symantec has found no further evidence to suggest Elfin was responsible for these Shamoon attacks to date. We continue to monitor the activities of both groups closely.”

In late 2017, cybersecurity company FireEye said it had found evidence that APT33 works on behalf of the Iranian government and that the group had successfully targeted the aviation sector, both military and commercial, as well as organizations in the energy sector.

Symantec described APT33 as “one of the most active groups currently operating in the Middle East” targeting a diverse range of sectors, with “willingness to continually revise its tactics and find whatever tools it takes to compromise its next set of victims.”


By: Swati Khandelwal (The Hacker News)
