Check Point Software Technologies Ltd.

San Carlos, California (ots)

Check Point Research (CPR), the research division of Check Point® Software Technologies Ltd. (NASDAQ: CHKP), reports that it is on the trail of a new hacking campaign. The researchers named this activity cluster Educated Manticore, after the manticore of Persian mythology; the name is meant to make clear which nation they suspect is behind the campaign.

Sergey Shykevich, Threat Group Manager at Check Point Software Technologies, comments: “In our study, we shed light on the ongoing development of the capabilities of nation-state hacking groups from Iran. Similar to ordinary cyber criminals, who link their infection chains to the changing IT environments, nation-state hackers are now also using ISO files to circumvent new measures against the hitherto popular infected Office files, but this actor’s tools have also improved, reflecting Iran’s continued investment in expanding its state-owned IT skills.”

Phosphorus is a notorious APT (Advanced Persistent Threat) group that operates from Iran, primarily in and against North America and the Arab world. The new group, which appears to be associated with Phosphorus, uses seldom-seen methods, including .NET binaries built as mixed-mode assemblies. The new campaign consists mainly of phishing against Iraqis and Israelis. It uses an ISO image file because companies and government agencies have recently set up many protections against infected Office files, such as supposed Word or Excel documents. The documents inside the ISO file were written in Arabic and Hebrew.

The security researchers at Check Point suspect that this method is intended only as the start of an infection chain that opens a gateway for malware or ransomware, because the variant in the ISO files is an update of older malware, and both may be linked to Phosphorus ransomware operations.

Press contact:

Kafka Communications GmbH & Co. KG
On the egg meadow 1
82031 Gruenwald
Tel.: 089 74747058-0

Original content from: Check Point Software Technologies Ltd., transmitted by news aktuell
