Defensive cyber company Cybereason today (Wednesday) unveiled a sophisticated spyware infrastructure attributed to an Iranian attack group. The group worked to spy on and steal sensitive information from various targets in Israel, throughout the Middle East, as well as in the United States, Russia and Europe.
Following an investigation that lasted several months, the Cybereason research team uncovered an extensive attack campaign attributed to an Iranian attack group known as MalKamak. The investigation shows that the group has been operating under the radar since 2018 and had not been exposed until now. The attackers acted covertly and meticulously, seeking to infiltrate strategic targets, particularly companies and organizations engaged in data communications, aviation technology and space exploration.
During the campaign, the attackers used a Remote Access Trojan (RAT) known as ShellClient, which had not previously been documented and which has evolved significantly over the years.
The malware was planted in the organizations’ infrastructure and served as the attackers’ main tool for spying on and stealing sensitive information about critical infrastructure, assets and various technologies. The attackers took advantage of the widespread use of the popular Dropbox platform (which offers free cloud storage services) for remote control of the malware, disguising their traffic as legitimate network activity.
In this way, the attackers scanned internal networks and stole information without being detected by antivirus software or other protective measures.
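The technique described above, a RAT that hides its command channel inside Dropbox traffic, leaves one observable trace for defenders: a process other than the Dropbox desktop client talking to the Dropbox API. The following is an added illustration, not code from Cybereason or from the report; it assumes Sysmon-style network events in a simple text format, constructed sample lines, and an assumed allowlist in which only Dropbox.exe is expected to reach the API endpoints.

```python
import re
from collections import Counter

# Constructed Sysmon-style network events (process image -> destination host).
# Host names, paths and timestamps are made up for this illustration.
SAMPLE_EVENTS = r"""
2021-10-06T08:01:12Z host=WS-17 image=C:\Program Files (x86)\Dropbox\Client\Dropbox.exe dest=api.dropboxapi.com
2021-10-06T08:02:40Z host=WS-17 image=C:\Windows\System32\svchost.exe dest=content.dropboxapi.com
2021-10-06T08:03:01Z host=SRV-02 image=C:\Users\Public\update.exe dest=api.dropboxapi.com
2021-10-06T08:03:05Z host=SRV-02 image=C:\Users\Public\update.exe dest=api.dropboxapi.com
2021-10-06T08:04:00Z host=WS-05 image=C:\Program Files\Mozilla Firefox\firefox.exe dest=www.dropbox.com
""".strip()

# Dropbox API endpoints: programmatic access, as opposed to a user browsing www.dropbox.com.
DROPBOX_API_HOSTS = {"api.dropboxapi.com", "content.dropboxapi.com"}
# Executables expected to talk to the API (assumed allowlist); anything else deserves a look.
EXPECTED_API_CLIENTS = {"dropbox.exe"}

EVENT_RE = re.compile(r"^(?P<ts>\S+) host=(?P<host>\S+) image=(?P<image>.+?) dest=(?P<dest>\S+)$")


def parse_events(text):
    """Yield (timestamp, host, image_path, dest) tuples; malformed lines are skipped."""
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            yield m.group("ts"), m.group("host"), m.group("image"), m.group("dest")


def suspicious_dropbox_api_use(text):
    """Count Dropbox API connections per (host, executable) for non-allowlisted executables."""
    hits = Counter()
    for _ts, host, image, dest in parse_events(text):
        if dest.lower() not in DROPBOX_API_HOSTS:
            continue  # ordinary web use of dropbox.com is not the pattern we care about
        exe = image.rsplit("\\", 1)[-1].lower()
        if exe not in EXPECTED_API_CLIENTS:
            hits[(host, exe)] += 1
    return hits


if __name__ == "__main__":
    for (host, exe), n in suspicious_dropbox_api_use(SAMPLE_EVENTS).items():
        print(f"{host}: {exe} reached the Dropbox API {n} time(s)")
```

On the sample, svchost.exe and an executable in a public folder are reported, while the Dropbox client and a browser visiting www.dropbox.com are not.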
“In recent months, Cybereason’s research team has uncovered a series of spyware infrastructures in various countries, all of which have bypassed existing defense systems and even taken advantage of them,” said Lior Div, CEO and founder of Cybereason. “Helps stop sophisticated attacks. The Cybereason solution that identified this attack relies on behavioral analysis and provides a complete, real-time, focused picture.”
“The investigation began after Cybereason’s Incident Response research teams were called in to assist one of the attacked companies. During the incident, and after installing our technology on the organization’s computers, we identified new and sophisticated malware that had not previously been seen or documented, one part of an entire Iranian intelligence campaign which has been conducted in secret and under the radar for the past three years,” said Assaf Dahan, head of the cyber threat research group at Cybereason.
He added: “From the findings of the study, and from the few traces left behind by the attackers, it is clear that they acted thoroughly and selected their victims carefully. This is a sophisticated Iranian attacker, acting professionally according to a considered and calculated strategy, significant for the State of Israel, and may even pose a real threat.”
Cybereason is a defensive cyber company that protects endpoints in organizations and aims to identify, prevent and neutralize cyber attacks (NGAV, EDR, XDR). The company was founded in 2012 by three entrepreneurs, Lior Div, Yossi Naar and Yonatan Striem-Amit, and currently has more than 1,000 employees around the world, with offices in Tokyo, Singapore, London, Boston and Tel Aviv.
Cybereason has developed a sophisticated system that collects information from all endpoints in the organization (computers, servers, telephones, etc.) and analyzes their activity. Using the vast amount of information gathered in real time, the product detects malicious behavior and presents the chain of events through a simple and intuitive interface. The platform enables organizations to continuously monitor their various systems, as well as to identify, investigate, isolate and stop attacks in real time.
The company operates in more than 50 countries around the world and its customers include the world’s leading companies from a variety of fields including banks, international financial corporations, pharmaceutical manufacturers, software companies and more.