“We need to up our game”—DHS cybersecurity director on Iran and ransomware


Christopher Krebs, director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, at a recent Senate hearing. Krebs issued a warning earlier this week on a surge in Iranian state-sponsored “malicious cyber activity.” (credit: Tom Williams/CQ Roll Call via Getty Images)

Last weekend, Cybersecurity and Infrastructure Security Agency Director Christopher Krebs issued a statement warning about elevated malicious Internet activity from state-sponsored actors in Iran. The notice corresponded to new warnings from private security research firms, including Recorded Future, of a surge in preparatory activity over the past three months by APT33, a threat group connected to the Iranian government and Iranian Revolutionary Guard Corps (IRGC, Iran’s military).

In an interview with Ars, Krebs explained that the reason for the warning went beyond that “regional activity”—attacks on Saudi Arabian companies and other organizations in the Persian Gulf and South Asia.

“Over the course of the

Iranian state hackers reload their domains, release off-the-shelf RAT malware


Iran’s hacking groups are scaling up, hitting Saudi companies and other organizations, according to a Recorded Future report. (credit: Getty Images)

A new report from the threat research firm Recorded Future finds that activity from APT33—the Iranian “threat group” previously tied to the Shamoon wiper attack and other Iranian cyber-espionage and destructive malware attacks—has risen dramatically, with the organization creating over 1,200 domains for use in controlling and spreading malware. The research, conducted by Recorded Future’s Insikt Group threat intelligence service, found with some confidence that individuals tied to APT33 (also known as “Elfin”) had launched attacks on multiple Saudi companies, including two healthcare organizations—as well as an Indian media company and a “delegation from a diplomatic institution.”

The majority of these attacks have involved “commodity” malware—well-known remote access tools (RATs). According to the report:

APT33, or a closely aligned threat actor, continues to control C2

DHS cyber director warns of surge in Iranian “wiper” hack attacks


An effective wiper of sorts. (credit: Getty Images)

With tensions between the US and Iran on the rise following the downing of a US military drone last week, the director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency is warning that Iran is elevating its efforts to do damage to US interests through destructive malware attacks on industrial and government networks.

In a statement issued on Saturday, June 22, CISA Director Christopher C. Krebs said:

CISA is aware of a recent rise in malicious cyber activity directed at United States industries and government agencies by Iranian regime actors and proxies. Iranian regime actors and proxies are increasingly using destructive “wiper” attacks, looking to do much more than just steal data and money. These efforts are often enabled through common tactics like spear phishing, password spraying, and credential stuffing. What might start as an account compromise,
