Iranian Hackers Target US Defense Contractors | Threatpost

  • 14 May 2014

Iranian Hackers Target US Defense Contractors

 
by Michael Mimoso, May 13, 2014, 2:07 pm

An Iranian hacking group has moved from politically motivated website defacements to a new specialty – cyberespionage.
The group known as the Ajax Security Team has been outed as the perpetrators of a number of espionage operations against U.S.-based defense contractors in addition to targeting Iranians using software that bypasses the country’s Internet filters.
Security company FireEye reported today that the Ajax Security Team uses custom-built malware in its attacks, and is adept at social engineering as a means of infecting targets.
“The transition from patriotic hacking to cyber espionage is not an uncommon phenomenon. It typically follows an increasing politicization within the hacking community, particularly around geopolitical events,” researchers Nart Villeneuve, Ned Moran, Thoufique Haq and Mike Scott wrote today. “This is followed by increasing links between the hacking community and the state, particularly military and/or intelligence organizations.”
 
 
Daniel


Iranian hacktivists move into hardcore hacking against West, dissidents

Ajax wiping up with state support?

By Iain Thomson, 14 May 2014

Security firm FireEye has been tracking an Iranian hacking group that has moved from simple defacement of websites to actively targeting Western defense contractors and those within Iran's borders who are trying to circumvent the regime's censorship firewall.
 
The hacking group, calling itself the Ajax Security Team, has been active for the last five years. FireEye has been tracking the group on online forums, and says it began life as a loose collection of individuals getting together to find flaws in websites that would allow for defacement with pro-Iranian messages.
 But these attacks have now stopped – the last was recorded last December – and the AST has been using its own custom malware to get into the espionage business. The team developed malware dubbed Stealer which, while not particularly advanced, has proven rather effective.
 
Stealer is built into a CAB extractor, and once activated, writes itself onto the target's drive as IntelRS.exe. This then adds in a backdoor to the target system that communicates with command and control servers over FTP, a keylogger, and screenshot collector.
 
 
 
A little more on the same or very similar topic.
