NikolaNews
Iranian state hacker group linked to ransomware deployments

October 18, 2020
in Internet Security
Security researchers said they found clues linking recent attacks with the Thanos ransomware to a group of Iranian state-sponsored hackers.

While investigating security incidents at several prominent Israeli organizations, security researchers from ClearSky and Profero said they linked the intrusions to MuddyWater, a known Iranian state-sponsored hacking group.

The intrusions followed similar patterns, with two tactics recorded.

In the first scenario, MuddyWater would use phishing emails carrying malicious Excel or PDF documents that, when opened, would download and install a malware strain from the hackers’ servers.

In the second scenario, MuddyWater would scan the internet for unpatched Microsoft Exchange email servers, exploit the CVE-2020-0688 vulnerability, install a web shell on the server, and then download and install the same malware seen before.

But ClearSky says this second-stage malware wasn’t just any piece of malicious code, but a strain that has been seen and documented only once before.

Named PowGoop, this PowerShell-based threat had been seen only once before, in early September, when it was used to install the Thanos ransomware, according to a report from fellow security firm Palo Alto Networks. Other Thanos (or Hakbit) ransomware attacks have used different loaders to deploy the ransomware, namely the ubiquitous GuLoader, an unrelated malware strain written in Visual Basic 6.0.

In a report shared with ZDNet today, ClearSky says they stopped the intrusions before the attackers could do any harm, but the company is now raising an alarm regarding all past Thanos ransomware incidents.

In an interview this week, ClearSky security researchers told ZDNet they believe MuddyWater would have tried to install the Thanos ransomware as a means to hide their attacks and destroy evidence of intrusions by encrypting files on hacked networks.

The tactic of deploying ransomware to hide intrusions has been used before by other state-sponsored operations and has been well documented.

Past Thanos ransomware attacks now need to be revisited and searched for evidence in a new light. Was the attack a cybercrime group, or was it Iranian hackers?

The question needs to be asked because Thanos, which is offered as a Ransomware-as-a-Service, is rented on Russian-speaking hacker forums and is believed to be employed by multiple threat groups.

But recent versions of the Thanos ransomware also come with a component that rewrites the computer’s MBR and prevents systems from booting. These types of attacks can be extremely disruptive, as systems could be temporarily bricked and might need to be restored from scratch.

ClearSky researcher Ohad Zaidenberg told ZDNet that he believes MuddyWater dipping its toe into ransomware deployments might also be related to the recent mounting political tensions and back-and-forth cyberattacks between Iran and Israel.

MuddyWater has a long history of hacks, but most past operations were geared towards very stealthy intelligence collection. Ransomware, in any form, is not stealthy and can be very destructive, especially when threat actors choose not to honor ransom payments and deliver decryption keys, something that Zaidenberg says could be a possibility, especially when viewed in the current political context.

Credit: ZDNet
