WASHINGTON: Hackers linked to the Iranian government have been targeting a “broad range of victims” inside the United States, including by deploying ransomware, according to an advisory issued Wednesday by American, British and Australian officials.
The advisory says that in recent months, Iran has exploited computer vulnerabilities exposed by hackers before they can be fixed and targeted entities in the transportation, health care and public health sectors. The attackers leveraged the initial hack for additional operations, such as data exfiltration, ransomware and extortion, according to the advisory. The group has used the same Microsoft Exchange vulnerability in Australia, officials say.
The warning is notable because even though ransomware attacks remain prevalent in the US, most of the significant ones in the past year have been attributed to Russia-based criminal hacker gangs rather than Iranian hackers.
Government officials aren’t the only ones noticing the Iranian activity: Tech giant Microsoft announced Tuesday that it had seen six different groups in Iran deploying ransomware since last year.
Microsoft said one of the groups spends significant time and energy trying to build rapport with their intended victims before targeting them with spear-phishing campaigns. The group uses fake conference invitations or interview requests and frequently masquerade as officials at think tanks in Washington, D.C., as a cover, Microsoft said.
Once rapport is built and a malicious link is sent, the Iranians are extra pushy at trying to get their victims to click on it, said James Elliott, a member of the Microsoft Threat Intelligence Center.
“These guys are the biggest pain in the rear. Every two hours they’re sending an email,” Elliott said at the Cyberwarcon cybersecurity conference Tuesday.
Earlier this year Facebook announced it had found Iranian hackers using “sophisticated fake online personas” to build trust with targets and get them to click on malicious links and often posed as recruiters of defense and aerospace companies.
Researchers at the Crowdstrike cybersecurity firm said they and competitors began seeing this type of Iranian activity last year.
The Iranian ransomware attacks, unlike those sponsored by North Korea’s government, are not designed to generate revenue so much as for espionage, to sow disinformation, to harass and embarrass foes — Israel, chief among them — and to essentially wear down their targets, Crowdstrike researchers said at the Cyberwarcon event.
“While these operations will use ransom notes and dedicated leak sites demanding hard cryptocurrency, we’re really not seeing any viable effort at actual currency generation,” Crowdstrike global threat analysis director Kate Blankenship said.
Crowdstrike considers Iran to be the trendsetter in this novel “low form” of cyberattack, which typically involves paralyzing a network with ransomware, stealing information and then leaking it online. The researchers call the method “lock and leak.” It is less visible, less costly and “provides more room for deniability,” Blankenship said.
Iran-backed hackers accused of targeting critical US sectors
https://arab.news/bm9p7
Iran-backed hackers accused of targeting critical US sectors
- The attackers leveraged the initial hack for additional operations, such as data exfiltration, ransomware and extortion
- The group has used the same Microsoft Exchange vulnerability in Australia, officials say
Iraq requests end of UN assistance mission by end-2025
- Prime PM said Iraq wanted to deepen cooperation with other UN organizations but there was no longer a need for the political work of the UN assistance mission
BAGHDAD: Iraq has requested that a United Nations assistance mission set up after the 2003 US-led invasion of the country end its work by the end of 2025, saying it was no longer needed because Iraq had made significant progress toward stability.
The mission, headquartered in Baghdad’s heavily fortified Green Zone, was set up with a wide mandate to help develop Iraqi institutions, support political dialogue and elections, and promote human rights.
Prime Minister Mohammed Shia Al-Sudani said Iraq wanted to deepen cooperation with other UN organizations but there was no longer a need for the political work of the UN assistance mission, known as UNAMI.
The mission’s head in Iraq often shuttles between top political, judicial and security officials in work that supporters see as important to preventing and resolving conflicts but critics have often described as interference.
“Iraq has managed to take important steps in many fields, especially those that fall under UNAMI’s mandate,” Sudani said in a letter to UN Secretary-General Antonio Guterres.
Iraq’s government has since 2023 moved to end several international missions, including the US-led coalition created in 2014 to fight Islamic State and the UN’s mission established to help promote accountability for the jihadist group’s crimes.
Iraqi officials say the country has come a long way from the sectarian bloodletting after the US-led invasion and Islamic State’s attempt to establish a caliphate, and that it no longer needs so much international help.
Some critics worry about the stability of the young democracy, given recurring conflict and the presence of many heavily armed military-political groups that have often battled on the streets, the last time in 2022.
Some diplomats and UN officials also worry about human rights and accountability in a country that frequently ranks among the world’s most corrupt and where activists say freedom of expression has been curtailed in recent years.
Iraq’s government says it is working to fight corruption and denies there is less room for free expression.
Somalia’s government also requested the termination of a UN political mission this week. In a letter to the Security Council, the country’s foreign minister called for the departure of the Nations Assistance Mission in Somalia (UNSOM), which has advised the government on peace-building, security reforms and democracy for over a decade. He provided no reason.
Gaza aid could grind to a halt within days, UN agencies warn
- Humanitarian workers have sounded the alarm this week over the closure of the Rafah and Kerem Shalom crossings for aid
LONDON: Dwindling food and fuel stocks could force aid operations to grind to a halt within days in Gaza as vital crossings remain shut, forcing hospitals to close down and leading to more malnutrition, United Nations aid agencies warned on Friday.
Humanitarian workers have sounded the alarm this week over the closure of the Rafah and Kerem Shalom crossings for aid and people as part of Israel’s military operation in Rafah, where around 1 million uprooted people have been sheltering.
The Israeli military said a limited operation in Rafah was meant to kill fighters and dismantle infrastructure used by Hamas, which governs the besieged Palestinian territory.
“For five days, no fuel and virtually no humanitarian aid entered the Gaza Strip, and we are scraping the bottom of the barrel,” said the UNICEF Senior Emergency Coordinator in the Gaza Strip, Hamish Young.
“This is already a huge issue for the population and for all humanitarian actors but in a matter of days, if not corrected, the lack of fuel could grind humanitarian operations to a halt,” he told a virtual briefing.
More than 100,000 people have fled Rafah in the last five days
More than 100,000 people have fled Rafah in recent days, said Young.
Israel’s military on Monday called for Gazans to leave eastern Rafah, which triggered widespread international alarm.
The UN children’s agency UNICEF said more than 100,000 had left, with the UN humanitarian agency OCHA putting the figure at more than 110,000.
All eyes have been on Rafah in recent weeks, where the population had swelled to around 1.5 million after hundreds of thousands of Palestinians fled fighting in other areas of Gaza.
Georgios Petropoulos, head of OCHA’s sub-office in Gaza, said the situation in the besieged Palestinian territory had reached “even more unprecedented levels of emergency.”
Countries around the world, including key Israeli backer the United States, have urged Israel not to extend its ground offensive into Rafah, citing fears of a large civilian toll.
Hamish Young, UNICEF’s senior emergency coordinator in the Gaza Strip, insisted Rafah “must not be invaded” and called for the immediate flow of fuel and aid into the Gaza Strip.
“Yesterday, I was walking around the Al-Mawasi zone, that people in Rafah are being told to move to,” he said, also speaking from Rafah.
“Shelters already lined Al-Mawasi’s sand dunes and it’s now becoming difficult to move between the mass of tents and tarpaulins.
AFP journalists in the Gaza Strip early Friday witnessed artillery strikes on Rafah on the territory’s southern border with Egypt.
Gaza’s bloodiest-ever war began following Hamas’s unprecedented October 7 attack on Israel that resulted in the deaths of more than 1,170 people, mostly civilians, according to an AFP tally of Israeli official figures.
Vowing to destroy Hamas, Israel has conducted a retaliatory offensive that has killed more than 34,900 people in Gaza, mostly women and children, according to the Hamas-run territory’s health ministry.
Turkiye says it killed 17 Kurdish militants in northern Iraq, Syria
ANKARA: Turkish forces have killed 17 militants of the outlawed Kurdistan Workers Party (PKK) across various regions of northern Iraq and northern Syria, the defense ministry said on Friday.
In a post on social media platform X, the ministry said its forces had “neutralized” 10 PKK insurgents found in the Gara and Hakurk regions of northern Iraq, and in an area where the Turkish military frequently mounts cross-border raids under its “Claw-Lock Operation.”
It said another seven militants were “neutralized” in two regions of northern Syria, where Turkiye has previously carried out cross-border incursions.
The ministry’s use of the term “neutralized” commonly means killed. The PKK, which has been waging an insurgency against the Turkish state since 1984, is designated a terrorist organization by Turkiye, the United States and the European Union.
Turkiye’s cross-border attacks into northern Iraq have been a source of tension with its southeastern neighbor for years. Ankara has asked Iraq for more cooperation in combating the PKK, and Baghdad labelled the group a “banned organization” in March.
Last month, Turkish President Tayyip Erdogan held talks with officials in Baghdad and Irbil, the capital of Iraqi Kurdistan, about the continued presence of the PKK in northern Iraq, where it is based, and other issues. Erdogan later said he believed Iraq saw the need to eliminate the PKK as well.
Turkiye has also staged military incursions in Syria’s north against the YPG militia, which it regards as a wing of the PKK.
Erdogan and his ministers have repeatedly said that while Ankara is working on repairing ties with Syrian President Bashar Assad’s government after years of animosity, it will mount a new offensive into northern Syria to push the YPG away from its border.
Israeli demonstrators torch part of UN compound in Jerusalem
- Compound closed until proper security was restored
- Thursday’s incident was the second in less than a week
JERUSALEM: The main United Nations aid agency for Palestinians closed its headquarters in East Jerusalem after local Israeli residents set fire to areas at the edge of the sprawling compound, the agency said.
Philippe Lazzarini, the head of UNRWA, said in a post on the social media platform X that he had decided to close the compound until proper security was restored. He said Thursday’s incident was the second in less than a week.
“This is an outrageous development. Once again, the lives of UN staff were at a serious risk,” he said.
“It is the responsibility of the State of Israel as an occupying power to ensure that United Nations personnel and facilities are protected at all times,” he said.
This evening, Israeli residents set fire twice to the perimeter of the UNRWA Headquarters in occupied East Jerusalem.
— Philippe Lazzarini (@UNLazzarini) May 9, 2024
This took place while UNRWA and other UN Agencies’ staff were on the compound.
While there were no casualties among our staff, the fire caused extensive damage… pic.twitter.com/ZqHFDNkiWC
UNRWA, set up to deal with the Palestinian refugees who fled or were forced from their homes during the 1948 war around the time of Israel’s creation, has long been a target of Israeli hostility.
Since the start of the war with Gaza Israeli officials have called repeatedly for the agency to be shut down, accusing it of complicity with the Islamist movement Hamas in Gaza, a charge the United Nations strongly rejects.
Israel considers all of Jerusalem its indivisible capital, including eastern parts it captured in a 1967 war, which Palestinians seek as the future capital of an independent state.
Lazzarini said staff were present at the time of the incident but there were no casualties. However outdoor areas were damaged by the blaze, which was put out by staff after emergency services took time to respond.
There was no immediate comment from the Israeli police.
Lazzarini said groups of Israelis had been staging regular demonstrations outside the UNRWA compound for the past two months and said stones were thrown at staff and buildings in the compound this week.
In footage shared with Lazzarini’s post, smoke can be seen rising near buildings at the edge of the compound while the sound of chanting and singing can be heard.
A crowd accompanied by armed men were witnessed outside the compound chanting “Burn down the United Nations,” Lazzarini said.
UKMTO reports hijacking attempt of vessel east of Yemen’s Aden
DUBAI: The United Kingdom Maritime Trade Operations (UKMTO) organization said on Friday it had received a report of a failed hijacking attempt of a vessel 195 nautical miles east of Yemen’s Aden.
The vessel’s master reported being approached by a small craft carrying five or six armed people with ladders.
Houthi militants in Yemen have launched drone and missile attacks on shipping in and around the Red Sea and the Indian Ocean to show support for the Palestinians in the Gaza war.
Maritime sources say pirates may be encouraged by a relaxation of security or may be taking advantage of the chaos caused by attacks on shipping by the Iran-aligned Houthis.
After firing on the vessel, the people in the small craft were forced to abort their approach when the security team on the vessel returned fire, the UKMTO reported.
The vessel and its crew are reported to be safe, and the vessel is proceeding to its next port of call, it said.
