CySecurity News – Latest Information Security and Hacking Incidents
Iranian hackers are using the New Marlin backdoor as part of a long-running surveillance operation that began in April 2018. ESET, a Slovak cybersecurity firm, linked the attacks, entitled “Out to Sea,” to a threat actor known as OilRig (aka APT34), firmly linking its actions to another Iranian group known as Lyceum as well (Hexane aka SiameseKitten).
Since 2014, the hacking organization has attacked Middle Eastern governments as well as a range of industry verticals, including chemical, oil, finance, and telecommunications. In April 2021, the threat actors used an implant dubbed SideTwist to assault a Lebanese company.
“Victims of the campaign include diplomatic institutions, technological businesses, and medical organizations in Israel, Tunisia, and the United Arab Emirates,” according to a report by ESET.
Lyceum has previously conducted campaigns in Israel, Morocco, Tunisia, and Saudi Arabia to single out IT companies. Since the campaign’s discovery in 2018, the Lyceum infecting chains have developed to drop many backdoors, starting with DanBot and progressing to Shark and Milan in 2021. Later attacks, utilizing a new data harvesting virus dubbed Marlin, were detected in August 2021.
The hacking organization discarded the old OilRig TTPs, which comprised command-and-control (C&C) connections over DNS and HTTPS. For its C2 activities, Marlin relies on Microsoft’s OneDrive API. ESET identified parallels in tools and tactics betwe
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: