Iran Attacks Israel With Cyber Attacks | Iran Cyber Attack on Israel

May 10, 2024
3,393 views

ESET Research Document 1: www.eset.com/int/about/newsro...
ESET Research Document 2: www.eset.com/int/about/newsro...
Iran Attacks Israel with Cyber Attacks
September 11, 2023 - ESET researchers have discovered a campaign by the Ballistic Bobcat group, which is using a novel backdoor that ESET has named Sponsor. Ballistic Bobcat, previously tracked by ESET Research as APT35/APT42 (also known as Charming Kitten, TA453, or PHOSPHORUS), is a suspected Iran-aligned advanced persistent threat group that targets education, government, and healthcare organizations, as well as human rights activists and journalists. It is most active in Israel, the Middle East, and the United States. Its aim is cyberespionage, and a significant majority of the 34 victims were located in Israel, with only two located in Brazil and the UAE. In Israel, the automotive, manufacturing, engineering, financial services, media, healthcare, technology and telecommunications verticals have been attacked.
Thus, Ballistic Bobcat continues to look for targets of opportunity with unpatched vulnerabilities in internet-exposed Microsoft Exchange servers. “The group continues to use a diverse, open-source toolset supplemented with several custom applications, including the newly discovered Sponsor backdoor. Defenders would be well advised to patch any internet-exposed devices and remain vigilant for new applications popping up within their organizations,” says ESET researcher Adam Burgher, who discovered the Sponsor backdoor and analyzed the latest Ballistic Bobcat campaign.
ESET researchers have analyzed two campaigns by the Iran-aligned OilRig APT group: Outer Space from 2021, and Juicy Mix from 2022. Both of these cyberespionage campaigns targeted Israeli organizations exclusively, which is in line with the group’s focus on the Middle East, and both used the same playbook: OilRig first compromised a legitimate website to use as a C&C server and then delivered previously undocumented backdoors to its victims, while also deploying a variety of post-compromise tools mostly used for data exfiltration from the target systems. Specifically, these tools were used to collect credentials from Windows Credential Manager, and credentials, cookies and browsing history from major browsers.
In their Outer Space campaign, OilRig used a simple, previously undocumented C#/.NET backdoor ESET Research has named Solar, along with a new downloader, SampleCheck5000 (or SC5k), that uses the Microsoft Office Exchange Web Services API for C&C communication. For the Juicy Mix campaign, the threat actors improved on Solar to create the Mango backdoor, which possesses additional capabilities and obfuscation methods. Both backdoors were deployed by VBS droppers, presumably spread via spearphishing emails. In addition to detecting the malicious toolset, ESET has also notified the Israeli CERT about the compromised websites.
OilRig, also known as APT34, Lyceum, or Siamesekitten, is a cyberespionage group that has been active since at least 2014 and is commonly believed to be based in Iran. The group targets Middle Eastern governments and a variety of verticals, including chemical, energy, financial and telecommunications.
Chapters:
0:00 Intro
0:50 Sponsor
1:20 First Attack
1:50 2nd Attack
3:00 What Israel Says

Comments
  • Interesting video for sure. Keep it going!

    @NonStop_Adventure, 7 months ago
  • Hope you find this interesting.

    @NicoKnowsTech, 7 months ago
  • Falastin 🇯🇴💪❤ free

    @YaahuuYaahuu, 7 months ago
  • Hi Nico Knows Tech, I ran Tron script thanks to your video, I’m pretty sure you saved me 😅 How do I make sure I for sure don’t have any more malware viruses on my computer, if you know any tips? Again, thank you ❤️

    @user-yo6ro9fq5o, 6 months ago
  • Interesting!... Gimme more!....

    @LeoElla79, 6 months ago
    • Oh you bet there will be more!

      @NicoKnowsTech, 6 months ago
  • Cool, maybe there is still some hope lofl

    @peacemaker350, 7 months ago
  • Niko knows politics 😅

    @Damnboii134, 7 months ago
    • Nooooooooo I’m just a tech nerd.

      @NicoKnowsTech, 7 months ago
  • #free Palestine 🇵🇸❤️🇵🇸🇵🇸🇵🇸🇵🇸❤️🇵🇸🇵🇸🇵🇸

    @KokiDz7905, 7 months ago
  • Free palestine ❤😊

    @oussamaoussama-uq1ll, 6 months ago
    • I'm not political

      @NicoKnowsTech, 6 months ago
    • @NicoKnowsTech You don't need to be political Nico, you just need to be human to stand with Gaza 😔

      @oussamaoussama-uq1ll, 6 months ago
    • This is a tech channel. Do you stand with Intel or AMD

      @NicoKnowsTech, 6 months ago