Continental Postal Services of Hebland

Iran-linked hacker group Cavern Manticore targets Israeli IT, government sectors


An Iran-linked hacking group has created a new framework to attack Israeli organizations in the government and IT sectors while evading traditional detection and analysis systems, Israeli cybersecurity company Check Point disclosed in a report released on Monday.

This new framework allows hackers to tailor attacks to new environments, limit what defenders and analysts can recover from any single victim, and extend access after the initial attack through specialized modules for expansion and data access, CPR explained.

According to the report, the group first attacked and used trusted IT providers to spread their new tool, which then gained access to files on the infected computers, downloaded additional programs, searched files and internal networks, tested passwords, and moved deeper into the targeted organizations.

Once installed, the tool can infiltrate programs used to access other computers. Malware disguised as legitimate updates from the IT provider can be delivered to the customer.

The tool appeared to be specifically designed to exploit Remote Monitoring and Management (RMM) solutions, in which control of a device can be transferred to another party.

CPR found multiple instances of an initially compromised provider leading to another before the tool reached its intended target, leading to the belief that Cavern Manticore has a detailed understanding of the IT supplier chains within Israel.

CPR warned that Cavern Manticore illustrated the strength and danger of Iranian cyber capabilities with a system that can rapidly adapt to new campaigns, targets, and operational requirements.





Source link

Leave A Reply

Your email address will not be published.