Iran TerrorismBeware of Iran’s State-Sponsored Cyber Attacks

Beware of Iran’s State-Sponsored Cyber Attacks

-

It is one of the most far-reaching security vulnerabilities in the history of the Internet, and gradually more and more hackers are trying to exploit it. State attackers are also trying to capitalize on the problem called Log4shell, which startled IT professionals around the world over the weekend. This is what IT security companies report.

The problem lies in the utility program Log4j, part of the widely used Java technology. It should only log what happens on a computer server. However, computers connected to the network, e.g., from online games or cloud providers, can be taken over by hackers via the vulnerability. Products from Amazon, Cisco, or IBM are always affected. The vulnerable technique is so widespread that professionals still find it difficult to gauge which and how many services are affected.

The IT security company Checkpoint has counted the attack attempts: on Saturday, twelve hours after the vulnerability became known, it was 40,000, after 72 hours it was more than 800,000. Because of the extremely rapid growth, Checkpoint speaks of a ‘cyber pandemic’.

The state hackers try to exploit Log4shell, reported among others, the Microsoft security team, which monitors and analyzes groups of hackers. State groups from China, Iran, North Korea, and Turkey would take advantage of Log4shell. They tried to adapt the attack technique for the vulnerability, which has been known since last week, for their purposes and to merge it with existing malware. In this way, unauthorized persons could completely take over computers remotely.

The Iranian group, named Phosphorus by Microsoft, used the vulnerability to install ransomware on target devices without authorization. Such software encrypts data on victims’ systems, rendering those systems unusable. It is often used to extort ransom from such ‘shackled’ companies and organizations. According to the analysts, the group uses ransomware to make money or simply to cripple its targets. The Chinese group called Hafnium is also attacking software infrastructure via Log4shell. Other groups have taken root in systems through the gap and are now selling access to them to ransomware hackers. The IT security company Mandiant also reports that it has observed Iranian and Chinese state hackers exploiting Log4shell.

According to Microsoft, however, so-called mass scans make up the largest part of Log4Shell activity: attackers practically feel their way through the Internet, looking for vulnerable devices. Botnets – armies of hijacked computers interconnected by criminals – also use this technology. However, some of the scans measured are likely to be traced back to IT security experts who want to protect devices rather than take them over. As on the weekend, hackers installed so-called coin miners on their victims’ computers. The attackers want to use their computing power to secretly generate cryptocurrencies for themselves. Windows and Linux systems are equally affected.

The Apache Software Foundation, which takes care of Log4j, has made a security update available to close the gap. The US cybersecurity agency, meanwhile, set a deadline. It urged federal agencies to download the update by Christmas. However, the update originally provided by the foundation did not fully protect systems. Version 2.15.0 of Log4j left a hole open which attackers could use to paralyze the software. The new update 2.16.0 closes this gap. Anyone who runs servers in the network should immediately take action.

Another state-sponsored hacking activity by the Iranian government has been spotted by security researchers in recent weeks which is targeting telecommunication and IT service providers in the Middle East and Asia.

The campaign has been conducted over the past six months, and there are tentative links to the Iranian-backed actor, famous as the MERCURY (MuddyWater, SeedWorm). This was reported by the Threat Hunter Team at Symantec. Information was collected from recent attacks against Israel, Jordan, Kuwait, Saudi Arabia, the United Arab Emirates, Pakistan, Thailand, and Laos.

Latest news

What Gas Poisonings In Iran Tell Us About The Ruling Regime

For months schools in Iran have been in the crosshairs of gas attacks against the country’s children. The mullahs’...

Iran’s Regime Inches Toward Nuclear Weapons

Iran’s regime is once again at the center of a dangerous escalation of the proliferation of nuclear weapons. A...

US Congress Expresses Support for Iranian People’s Quest for a Democratic, Secular Republic

Several bipartisan members of the U.S. House of Representatives have presented a resolution (H. RES. 100) supporting the Iranian...

Wave Of Poisoning Attacks Against Schools Leave Hundreds Sick

Iran has been shaken for three months by serial poisoning attacks against all-girls schools, which has left more than...

Iranian Security Forces Beat Baluch Doctor To Death

On Thursday, February 23, activists in Sistan and Baluchestan provinces reported the news of the death of Dr. Ebrahim...

World Powers Should Hear The Voice Of Iranians, Not Dictators And Their Remnants

Iran’s nationwide uprising continues despite its ups and down. The clerical system’s demise no longer seems a dream but...

Must read

Several Iranian Fighters Killed in Air Strike in Syria

Iran Focus London, 09 Apr - It has been...

Iran’s defence chief tied to Beirut bombing of U.S. Marines

Iran Focus: London, Aug. 14 - The nomination...

You might also likeRELATED
Recommended to you