Iranian hacking group built its own VPN network

November 14, 2019
in Internet Security
One of Iran’s elite state-sponsored hacking groups has built, and has been operating, its own private network of VPN nodes, which it has been using to connect to its hacking infrastructure, perform reconnaissance on future targets, and even do casual web browsing, according to research published today by cyber-security firm Trend Micro.

The group, tracked in cyber-security circles under the codename of APT33, is, by far, Iran’s most sophisticated hacking unit.

They are the ones who developed the disk-wiping malware known as Shamoon (DistTrack) that destroyed over 35,000 workstations at Saudi Arabia’s Saudi Aramco in 2012.

Recently, the group has resurfaced with new attacks, primarily targeting the oil and aviation industries, and even deploying a new version of the Shamoon malware, late last year.

In 2019, APT33 operations have relied on classic spear-phishing campaigns and, in some cases, on exploitation of an Outlook vulnerability.

Per Trend Micro, confirmed APT33 infections in 2019 include a private American company that offers services related to national security, victims connected to a university and a college in the US, a victim most likely related to the US military, and several victims in the Middle East and Asia.

Tracking down APT33’s infrastructure

But researchers say that while investigating these hacks, they were able to gain insight into how APT33 manages its hacking infrastructure.

According to researchers, everything is layered and isolated, so that incident responders looking at an infected host see only the outermost layer and never the APT33 operators behind it.

Based on a hand-drawn schema shared by Trend Micro researchers, there are four layers between APT33 operators and their targets.

  • VPN layer — a custom-built network of VPN nodes to hide the operator’s real IP address and location
  • Bot Controller layer — an intermediary layer of servers
  • C&C Backend layer — the actual backend servers through which the group manages its malware botnets
  • Proxy layer — a collection of cloud proxy servers through which C&C (command-and-control) servers hide from infected hosts
[Image: schema of APT33’s layered infrastructure. Image: Trend Micro]

But what stood out to researchers was the fact that APT33 was not using commercial VPN servers to hide their location, as some hacking groups tend to do.

Instead, the group had set up and was operating its own private VPN network.

“Setting up a private VPN can be easily done by renting a couple of servers from data centers around the world and using open source software like OpenVPN,” researchers said.

APT33’s custom VPN network was a big mistake

But this choice actually made the group easier to track. Because the exit nodes were used by APT33 alone, researchers only had to keep an eye on a handful of IP addresses. Had APT33 routed its traffic through a commercial VPN provider, its connections would have blended in with those of the provider’s many legitimate users.

“APT33 likely uses its VPN exit nodes exclusively,” Trend Micro said. “We have been tracking some of the group’s private VPN exit nodes for more than a year, and we have listed known associated IP addresses in the table below.”

[Image: table of IP addresses associated with APT33’s private VPN exit nodes (Table 3 in the report). Image: Trend Micro]

But besides connecting to their malware botnet control panels, Trend Micro said that the group had also used the same private VPN exit nodes “for reconnaissance of networks that are relevant to the supply chain of the oil industry.”

“More concretely, we have witnessed some of the IP addresses in Table 3 doing reconnaissance on the network of an oil exploration company and military hospitals in the Middle East, and an oil company in the U.S.,” researchers said.

“APT33 also has a clear interest in websites that specialize in the recruitment of employees in the oil and gas industry,” Trend Micro’s team said. “We recommend that companies in the oil and gas industry cross-relate their security log files with the IP addresses listed above.”

In addition, Trend Micro said APT33 also used its private VPN network to access websites of penetration testing companies, webmail, websites on vulnerabilities, and cryptocurrency hacking sites.
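Trend Micro’s recommendation above, cross-referencing security logs with the published exit-node addresses, comes down to a watchlist match over whatever logs an organisation keeps: web server access logs (the recruitment-site reconnaissance), firewall drops (network scanning), mail server connections. The script below is an added example written for this article, not code from Trend Micro or ZDNet. It uses RFC 5737 documentation addresses as stand-ins for the real exit-node table (which appears only as an image here and is not reproduced) and runs over a few constructed log lines in common formats.

```python
"""
Cross-reference log lines against a watchlist of IP addresses and CIDR ranges.

Added example for this article; not Trend Micro's or ZDNet's code.
ASSUMPTION: the WATCHLIST below uses RFC 5737 documentation addresses as
placeholders. Replace them with the exit-node addresses from the report's
Table 3. The SAMPLE_LOGS are constructed for this example.
"""
import ipaddress
import re
from typing import Iterable, List, NamedTuple

# Placeholder watchlist (NOT the real APT33 table). Mixing single hosts and
# a CIDR range mirrors the reality that an operator renting a few VMs in one
# data center often ends up with a small contiguous block.
WATCHLIST = [
    "192.0.2.10",
    "192.0.2.11",
    "198.51.100.0/28",
]

# Constructed sample logs: Apache combined access log, iptables-style drop,
# a benign access log line that must not match, and a Postfix connect line.
SAMPLE_LOGS = [
    '192.0.2.10 - - [12/Nov/2019:08:41:02 +0000] "GET /careers/oil-gas-jobs HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
    'Nov 12 08:42:17 fw kernel: DROP IN=eth0 SRC=198.51.100.7 DST=10.0.0.5 PROTO=TCP DPT=445',
    '203.0.113.9 - - [12/Nov/2019:08:43:00 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "curl/7.64"',
    'Nov 12 08:44:55 mail postfix/smtpd[1234]: connect from unknown[192.0.2.11]',
]

# Dotted quad not glued to other digits or dots, so "10.0.0.5" is found
# but version strings such as "7.64" or "1.2.3.4.5" are not.
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")


class Hit(NamedTuple):
    line_no: int
    ip: str
    matched: str   # the watchlist entry (as a network) that matched
    line: str


def compile_watchlist(entries: Iterable[str]) -> List[ipaddress.IPv4Network]:
    """Turn hosts and CIDRs into network objects; a bare host becomes a /32."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def extract_ips(line: str) -> List[str]:
    """Return every syntactically valid IPv4 address found on the line."""
    found = []
    for cand in IPV4_RE.findall(line):
        try:
            ipaddress.IPv4Address(cand)   # rejects octets > 255, e.g. 999.1.1.1
        except ValueError:
            continue
        found.append(cand)
    return found


def scan(lines: Iterable[str], watchlist: Iterable[str]) -> List[Hit]:
    """Return one Hit per (line, address) pair whose address is on the watchlist."""
    nets = compile_watchlist(watchlist)
    hits: List[Hit] = []
    for n, line in enumerate(lines, start=1):
        for ip in extract_ips(line):
            addr = ipaddress.ip_address(ip)
            for net in nets:
                if addr in net:
                    hits.append(Hit(n, ip, str(net), line))
                    break
    return hits


if __name__ == "__main__":
    for h in scan(SAMPLE_LOGS, WATCHLIST):
        print(f"line {h.line_no}: {h.ip} matched {h.matched}: {h.line[:70]}")
```

Two caveats a practitioner would add. First, an IP watchlist ages: the report says these nodes were tracked for over a year, but exit nodes can be rotated, so date-bound the list and re-check when the vendor updates it. Second, the reason a hit here is worth an alert is the point the article makes: the nodes were used exclusively by APT33, so an address match is far higher confidence than a match on a shared commercial VPN exit, where thousands of unrelated users share the same addresses.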

Credit: ZDNet

© 2019 NikolaNews.com - Global Tech Updates