Search This Blog

Showing posts with label Middle East Cyber Army. Show all posts

Iranian Hacker Group Using New Tools to Target Government Agencies of Broader Middle East Region

 

In the part of their attacks on companies and government agencies in the broader Middle East region, an Iranian cyberattack group has begun utilizing new tools, including a custom download utility and commodity ransomware, as per Broadcom's Symantec division. 

Dubbed as Seedworm, the group gives off an impression of being deploying a few variations of a new downloader, known as PowGoop, to the recent targets.

The utilization of the noxious program doesn't demonstrate a shift to ransomware-based cybercrime for the group, yet rather a reception of a more extensive variety of strategies for countering defensive measures. 

The software downloads and decrypts 'obfuscated' PowerShell scripts to run on compromised frameworks, utilizing the basic utility as an approach to execute code. 

The researchers additionally state that the group is sending ransomware, known as Thanos, which previously appeared available to be purchased not long ago and gives off an impression of being utilized by Seedworm for its 'destructive capacities'.

"Looking at Seedworm's history, it is apparent they've been focused on Middle East-based government organizations for years," "We don't believe that they are directly focused on monetary gain. From our standpoint, the Thanos victim organizations [represent] very few [targets] — just a handful at the most," says Vikram Thakur, Symantec's technical director. 

The researchers were moderately sure, nonetheless, in ascribing PowGoop to the Iranian state actor.

"Seedworm has been one of the most active Iran-linked groups in recent months, mounting apparent intelligence-gathering operations across the Middle East," Symantec researchers stated in their analysis.  
"While the connection between PowGoop and Seedworm remains tentative, it may suggest some retooling on Seedworm's part. Any organizations that do find evidence of PowGoop on their networks should exercise extreme caution and perform a thorough investigation." 

"There is nothing sophisticated about PowGoop aside from it being custom-made and that it uses multiple layers of encoded PowerShell scripts to effectively download and execute PS-based payloads," Thakur added later.

PowGoop has additionally been identified by various other companies. Security firm Palo Alto Networks associated PowGoop with two ransomware attacks on companies in the Middle East and North Africa at the beginning of September.

Arizona’s department website shuts down after hacking attack


One after another, Middle East Cyber Army, a hacking group, is attacking government websites of various countries.

After Myanmar’s Ministry of Mines, the hacker group has hacked the website of Arizona’s Department of Weights and Measures’. As a result, the website has been shut down for the last one week.

The hackers left a message on the website, “Hacked by Middle East Cyber Army” and slogans like such as, “In Allah we trust. For Allah we work. Death to Israel. Free Palestine. Jerusalem is ours” along with a masked figure in front of the Dome of the Rock.

Andy Tobin, director at the department, confirmed that the department’s website was hacked on Sunday.

Today, the department’s website is still down for maintenance.

“The web-site you were attempting to access is currently undergoing maintenance activities. We apologize for the inconvenience. Please retry again later. Thank you for your patience,” the website read.

According to Tobin, soon after they got to know about the hacking attack, they shut down their website and database.

He said that the agency got its backup database running on Tuesday so its investigators can continue their work.

Tobin said the agency is investigating the matter collaborating with the Arizona Department of Administration. Similarly, they have also informed the U.S. Department of Homeland Security about the hacking attack.

The department is still trying to sort out the issue. It has yet to be determined whether the department to resume its website or shift its components over to the Arizona Department of Agriculture, which is scheduled to take over many of the department’s duties next year.

The hacking group had hacked many other websites like in December the group hacked the website for a school district in Little Rock, Ark. It took over the website for the small Quebec town of Terrasse-Vaudreuil in January. Similarly, in May, it targeted Auckland University in New Zealand. And in April, it hacked Art and Sol, a Scottsdale-based performing arts program for children.