
Following the recent mass demonstrations, the Iran-linked Infy group may attempt to target protesters and their foreign contacts


Following the recent mass demonstrations, the Iran-linked Infy group may attempt to target protesters and their contacts abroad.

The crackdown by Iranian authorities on protesters and dissidents could be wide-ranging and involve anyone in contact with them.

According to cybersecurity firms and researchers, a nation-state actor called Infy is intensifying its attacks against anyone who is in contact with protesters.

The state-sponsored hackers target victims with spear-phishing messages that are constantly refined and improved.

According to experts at Palo Alto Networks, the Infy group has been active since at least 2007, and its malware has been involved in attacks both inside the country and abroad.

The name Infy is based on a string the malware authors used in filenames and in command and control (C&C) folder names and strings.

Infy group

The Infy malware was first submitted to VirusTotal in August 2007; meanwhile, the C&C domain used by the oldest sample spotted by the experts has been associated with a malicious campaign dating back to December 2004.

The malware evolved over the years; the authors improved it by implementing new features, such as support for the Microsoft Edge web browser, which was introduced in version 30.

Unlike other Iranian nation-state actors who target foreign organizations, the Infy group appears focused on opponents and dissidents.

Researchers Colin Anderson and Claudio Guarnieri, authors of the research titled “Iran and the Soft War for Internet Dominance,” confirmed that the Infy attackers were responsible for a large number of attempted malware attacks against Iranian civil society since late 2014.

In response to the recent mass demonstrations, the Iranian government also tried to isolate the protests by blocking internet access on mobile networks; the authorities blocked Instagram and messaging services such as Telegram.

Security experts believe that protesters will be targeted by the Infy actor, and that its malware will be used against anyone who has any kind of relationship with them.

Stay tuned!


Pierluigi Paganini

(Security Affairs –  Iranian hackers,  hacking)
