Iran-Linked UNC1549 Hackers Target Middle East Aerospace & Defense Sectors

February 28, 2024 at 10:45AM

The Iran-nexus threat actor UNC1549 has been attributed to cyber attacks in the Middle East, including Israel and the U.A.E., and has also targeted Turkey, India, and Albania. The suspected activity has been ongoing since June 2022 and uses Microsoft Azure infrastructure, spear-phishing emails, and the custom backdoors MINIBIKE and MINIBUS for intelligence collection and network access. Evasion methods make detection challenging. …

Iranian hackers launch malware attacks on Israel’s tech sector

November 12, 2023 at 10:37AM

Imperial Kitten, a threat actor linked to the Iranian Armed Forces, has been conducting cyberattacks since 2017. Recently, they targeted transportation, logistics, and technology firms using phishing emails with malicious attachments. They gained network access, moved laterally, and communicated with a command and control server using custom malware. Previously, they …

Iran-Linked Imperial Kitten Cyber Group Targeting Middle East’s Tech Sectors

November 10, 2023 at 03:21AM

A group with links to Iran, known as Imperial Kitten, targeted transportation, logistics, and technology sectors in the Middle East, including Israel, in October 2023. They utilize social engineering and various techniques such as watering hole attacks, one-day exploits, phishing, and targeting IT service providers for initial access. Microsoft notes …