Iran-backed hackers accused of targeting critical US sectors

Iranian-government linked hackers have been targeting a “broad range of victims” inside the US, including by deploying ransomware, said an advisory issued Wednesday by American, British and Australian officials. (Shutterstock)
Updated 17 November 2021

  • The attackers leveraged the initial hack for additional operations, such as data exfiltration, ransomware and extortion
  • The group has used the same Microsoft Exchange vulnerability in Australia, officials say

WASHINGTON: Hackers linked to the Iranian government have been targeting a “broad range of victims” inside the United States, including by deploying ransomware, according to an advisory issued Wednesday by American, British and Australian officials.
The advisory says that in recent months, Iran has exploited computer vulnerabilities exposed by hackers before they could be fixed, and has targeted entities in the transportation, health care and public health sectors. The attackers leveraged the initial hack for additional operations, such as data exfiltration, ransomware and extortion, according to the advisory. The group has used the same Microsoft Exchange vulnerability in Australia, officials say.
The warning is notable because even though ransomware attacks remain prevalent in the US, most of the significant ones in the past year have been attributed to Russia-based criminal hacker gangs rather than Iranian hackers.
Government officials aren’t the only ones noticing the Iranian activity: Tech giant Microsoft announced Tuesday that it had seen six different groups in Iran deploying ransomware since last year.
Microsoft said one of the groups spends significant time and energy trying to build rapport with its intended victims before targeting them with spear-phishing campaigns. The group uses fake conference invitations or interview requests and frequently masquerades as officials at think tanks in Washington, D.C., as a cover, Microsoft said.
Once rapport is built and a malicious link is sent, the Iranians are extra pushy at trying to get their victims to click on it, said James Elliott, a member of the Microsoft Threat Intelligence Center.
“These guys are the biggest pain in the rear. Every two hours they’re sending an email,” Elliott said at the Cyberwarcon cybersecurity conference Tuesday.
Earlier this year Facebook announced it had found Iranian hackers using “sophisticated fake online personas” to build trust with targets and get them to click on malicious links; the hackers often posed as recruiters for defense and aerospace companies.
Researchers at the Crowdstrike cybersecurity firm said they and competitors began seeing this type of Iranian activity last year.
The Iranian ransomware attacks, unlike those sponsored by North Korea’s government, are not designed to generate revenue so much as for espionage, to sow disinformation, to harass and embarrass foes — Israel, chief among them — and to essentially wear down their targets, Crowdstrike researchers said at the Cyberwarcon event.
“While these operations will use ransom notes and dedicated leak sites demanding hard cryptocurrency, we’re really not seeing any viable effort at actual currency generation,” Crowdstrike global threat analysis director Kate Blankenship said.
Crowdstrike considers Iran to be the trendsetter in this novel “low form” of cyberattack, which typically involves paralyzing a network with ransomware, stealing information and then leaking it online. The researchers call the method “lock and leak.” It is less visible, less costly and “provides more room for deniability,” Blankenship said.


MPs, parties welcome Lebanon’s decision to ban Hezbollah’s military wing

  • Lebanese judiciary issues arrest warrants to pursue those who fired rockets at Haifa
  • Bilal Al-Houshaymi: It (Lebanon) is either a fully sovereign state with a single decision-making authority, or it will continue its downward slide into greater danger and collapse

BEIRUT: Lebanon’s Cabinet decisions were described by political parties and parliamentarians as the boldest measures taken against Hezbollah to date, with ministers from the Amal Movement, the group’s key ally, joining in a show of government solidarity.

In an unprecedented move, Lebanon’s Cabinet on Monday declared Hezbollah’s military activities illegal and demanded the immediate handover of its weapons, following Israeli strikes that killed more than 40 people and wounded dozens across Beirut’s southern suburbs, southern Lebanon and the Bekaa Valley.

The Israeli strikes came after rockets and drones were fired from Lebanese territory toward northern Israel — an assault Hezbollah said was carried out in retaliation for the killing of Iran’s Supreme Leader Ayatollah Ali Khamenei. Among those killed were several Hezbollah officials.

Independent MP Ibrahim Mneimneh affirmed his support for the government’s decisions “at this sensitive stage” as he said they consolidate the sovereignty of the state and the confinement of security and military decision-making to its legitimate institutions.

“The protection of Lebanon requires the firm application of the law, without making any exceptions, and providing support for the army and security forces in carrying out their duties in order to safeguard stability and civil peace,” he added.

Beqaa MP Bilal Al-Houshaymi said Lebanon cannot withstand new experiments or further adventures. “It is either a fully sovereign state with a single decision-making authority, or it will continue its downward slide into greater danger and collapse.”

Lebanese Forces party leader Samir Geagea said in a statement that the cabinet had taken an additional step toward the establishment of a functioning state.

“The ball is now in the court of the Lebanese Armed Forces, the Internal Security Forces, General Security, State Security and the competent judicial authorities. It is their chance to begin implementing the government’s decision seriously and decisively as of this moment,” he added.

The party’s two ministers remained alone in their defense of what they called the “resistance.” This stance was articulated by Health Minister Rakan Nassereddine, whom Hezbollah named to represent it in the government, as he said after the session that “no one holds their resistance accountable as we have held ours accountable.” He questioned whether “the Israelis can be trusted.”

Lebanese President Joseph Aoun held those who launched the rockets responsible for their actions, noting that the Lebanese people should not bear responsibility “for a reckless operation.”

Aoun said Hezbollah’s morning strike was “not a defense of Lebanon nor a protection of the Lebanese; it is not acceptable in any way whatsoever, and it gives Israel a pretext to destroy what is left.”

The cabinet asked the Lebanese Army Command to immediately and firmly begin implementing the plan to restrict weapons north of the Litani River, announcing that Lebanon is ready to resume negotiations with Israel.

The cabinet decisions, read out by Prime Minister Nawaf Salam in an address, announced that the government had formally rejected any military or security operations carried out from Lebanese territory outside the authority of the state, reaffirming that the decision of war and peace rests solely with the government.

The measures include an immediate ban on all Hezbollah military and security activities deemed unlawful, a requirement that the group hand over its weapons to the state, and a restriction of its role to political activity within constitutional and legal frameworks — a step aimed at ensuring the monopoly of arms remains exclusively with the state and reinforcing full sovereignty over Lebanese territory.

Salam said that the government does not seek confrontation with Hezbollah. “But we cannot in any way accept the launching of rockets from Lebanon nor the threat of civil war.”

In parallel with the political move, the Lebanese judiciary moved to pursue those who fired rockets at Haifa from Lebanese territory. The military judiciary issued warrants to arrest all those responsible for launching rockets at the Israeli city.

Government Commissioner to the Military Court Claude Ghanem requested that the security agencies identify those who took part in directing the rockets, arrest them immediately and refer them to the military public prosecution.

A judicial source confirmed that the security agencies verified that the rocket-launching operation took place from an area of valleys and forests located north of the Litani River.

A statement bearing the signature of Hezbollah’s Military Media had been issued at dawn claiming responsibility for the operation of bombarding the Mishmar site south of the city of Haifa with a salvo of rockets and drones, as “revenge for the blood of the Iranian Supreme Leader Ali Khamenei.”

While Hezbollah has not issued any official statement tallying its human losses as a result of direct Israeli strikes, Lebanese and Israeli field reports cited the assassination of Mohammad Raad, head of Hezbollah’s parliamentary bloc, who in recent months had coordinated between the state and the party on the issue of restricting weapons; Sheikh Ali Daamoush, the head of Hezbollah’s Executive Council; and Hussein Moukalled, the head of Hezbollah’s intelligence services in the southern suburb.

The reports also mentioned the killing of Mohammad Rida Fadlallah, brother of the late scholar Sayyed Mohammad Hussein Fadlallah, along with his wife; and Sheikh Abdullah Shaito, a Ja‘fari Sharia judge, with his son and daughter.

Amid the strikes, citizens evacuated Beirut’s southern suburb, more than 53 southern villages and dozens of villages in the Beqaa region.

Many fled at night, remaining in their cars or along the roadsides in Beirut, amid successive warnings issued by the Israeli army urging civilians to leave their villages and homes ahead of strikes on Hezbollah targets, according to its claims.

As hotels reached full capacity, many turned to furnished apartments. Although the state opened a number of public schools to shelter the displaced, the hastily opened and prepared facilities were insufficient to accommodate tens of thousands of people.

Meanwhile, a military source suggested that the evacuation of the villages could be a prelude to a ground invasion.

Israel announced the mobilization of about 100,000 reservists along the border with Lebanon in preparation for expanding the war. Israeli army spokesperson Avichay Adraee posted on social media that “all options are on the table,” adding that “Hezbollah chose to launch this campaign, and will pay a heavy price for it.”

Israeli Chief of Staff Eyal Zamir warned of “many days of fighting ahead,” while Israeli Defense Minister Israel Katz said that “Hezbollah chief Naim Qassem is now a ‘target for elimination,’ and Hezbollah will pay a heavy price for launching missiles toward Israel.”