Suspected Iranian hackers have zeroed in on a target in Lebanon, according to Check Point research published Thursday.


Researchers caught attackers sending an unidentified Lebanese target documents that purported to contain details about job opportunities. If accessed in certain ways, those documents would deploy malware against victims. One such document imitated Ntiva IT, a consulting firm based in Virginia, Check Point said.

In order to be infected, targets would have needed to enable macros on the documents, triggering a process that launches malware every five minutes.

The hackers, who Check Point suspects belong to a hacking group known as APT34 or OilRig, have been using a new backdoor to access their targets, according to the researchers. APT34, which researchers say has been operating since 2014, is believed to frequently rely on decoy job opportunities to trap targets in its campaigns.

The group used LinkedIn in 2019 to go after espionage targets with fake job opportunities, according to FireEye research, for instance. In another campaign, known as DNSpionage, hackers went after Lebanese and United Arab Emirates targets with websites containing fake job postings, according to Cisco Talos research. Talos researchers found a potential link between the DNSpionage hacking and the suspected Iranian hackers.

The hackers, who FireEye suspects have backing from the Iranian government, frequently aim to infiltrate governments in the Middle East, and organizations in the financial, government, energy and telecommunications sectors. Check Point did not provide identifying information about the apparent Lebanese targets.

Check Point attributes the latest campaign to APT34 due to similarities between this operation and previous APT34 schemes, including the macros, the backdoor, the approach to targets and other technical similarities, researchers note in a blog post on their findings.

In previous campaigns the attackers used imitation websites to conduct command-and-control communications, then gather data.

Check Point suggests that some of the differences in the campaigns are likely rooted in the fact that the hacking group’s tools were leaked in 2019, forcing APT34 to revamp its operations.

“Iran-backed APT34 shows no sign of slowing down, further pushing its political agenda in the middle-east, with an ongoing focus on Lebanon – using offensive cyber operations,” researchers noted.

The U.S. National Security Agency and the U.K.’s National Cyber Security Centre have been tracking the suspected Iranian cyber-espionage group’s activities for years. A two-year-long investigation, which the NSA and NCSC jointly unveiled in 2019, showed Turla, a hacking group with links to Russian intelligence, was piggybacking on APT34’s hacking infrastructure.

The post Fake job listings help suspected Iranian hackers aim at targets in Lebanon appeared first on CyberScoop.

By admin