Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

APT

Microsoft warns of economic damages caused by Iran-linked hackers

Researchers at Microsoft warn of damages caused by cyber operations conducted by Iran-linked cyberespionage groups. Security experts at Microsoft are warning of economic damages caused by the activity of Iran-linked hacking groups that are working to penetrate systems, businesses, and governments worldwide. According to Microsoft, the attackers already caused hundreds of millions of dollars in […]

Iran -linked cyber-enabled kinetic targeting

Researchers at Microsoft warn of damages caused by cyber operations conducted by Iran-linked cyberespionage groups.

Security experts at Microsoft are warning of economic damages caused by the activity of Iran-linked hacking groups that are working to penetrate systems, businesses, and governments worldwide.

According to Microsoft, the attackers already caused hundreds of millions of dollars in damages by stealing secret data and wiping information from computer networks of 200 companies over the past two years.

The experts estimated the attacks caused hundreds of millions of dollars in damages.

“Researchers for tech giant Microsoft said the attackers stole secrets and wiped data from computer networks after targeting thousands of people at some 200 companies over the past two years, according to The Wall Street Journal.” reported the AFP press agency.

According to the Wall Street Journal, the cyberattacks hit organizations in the energy industry, most oil-and-gas firms, and makers of heavy machinery. The Iran-linked hackers hit organizations in several countries, including Saudi Arabia, Germany, the United Kingdom, India, and the U.S..

Researchers attributed the attacks to an Iran-linked group tracked by Microsoft as Holmium (aka APT33) that has been around since at least 2013. Since mid-2016, the group targeted the aviation industry and energy companies with connections to petrochemical production.

Microsoft observed Holmium cyber espionage group carrying out spear-phishing attacks against more than 2,200 people with the intent to deliver malicious code.

John Lambert, the head of Microsoft’s Threat Intelligence Center defined the attacks as “massively destabilizing events.”

In 2017, security firm FireEye observed the APT33 group targeting aerospace and energy organizations in the United States, Saudi Arabia, and South Korea.

In 2018, the Iran-linked group continued to be very active, security researchers at Cyberbit discovered the Early Bird code injection technique used by the threat actors to inject the TurnedUp malware into the infected systems evading security solutions.

Security experts warn of the increased cyber capabilities of Iran-linked cyber espionage groups, a few days ago PaloAlto Networks published an analysis that revealed the Iran-linked Chafer APT group used a new Python-based backdoor in attacks carried out in November 2018 that targeted a Turkish government entity.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Iran-linked hackers, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]