Iranian Hackers Are Back To Target Govt. Organizations of Israel, Turkey And United States!

An Iranian hacking group is targeting government organizations in the United States, Israel and Turkey. Security researchers at Palo Alto Networks first reported on this group last year, when it was compromising banks and financial organizations in Saudi Arabia; the group also attacked the Saudi defense industry. It is now back with an updated and improved malware toolset.

Palo Alto Was Keeping An Eye on These Hackers

Security researchers at Palo Alto Networks have been tracking these hackers since the first campaign and have continued to monitor the group's activity. According to Palo Alto, an industrial company in Qatar was the group's most recent target before it turned to government organizations in the United States, Turkey and Israel. The researchers also report that the group is now using updated malware tools to gain access to systems, and that the malware is delivered in emails that impersonate well-known security firms, FireEye among them.

The OilRig Campaign Delivers Helminth Malware

OilRig is the name Palo Alto Networks gave to this campaign; the malware it delivers is the Helminth backdoor, hidden behind Excel documents. The new Helminth is new wine in an old bottle: an updated version of the same malware the group used against banks and financial organizations. To deliver it, the hackers rely on social engineering and spear phishing, sending victims specially crafted, macro-enabled Excel spreadsheets. In the case of the Turkish government, an official received an Excel file styled to look like the login portal of an airline; in reality it was a phishing form sent by the attackers.
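The delivery technique above relies on a spreadsheet that carries a VBA project. The following is an added example, not code from the article or from Palo Alto Networks, showing how a mail gateway or triage script can detect the macro part by inspecting the file's content rather than its extension. The sample packages it builds are constructed in memory and are not real OilRig documents; the quarantine policy for legacy binary Office files is an assumption stated in the code.

```python
import io
import zipfile

OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # header of legacy .xls/.doc containers
VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"

# Constructed minimal OOXML package parts; not taken from any real sample.
CONTENT_TYPES_HEAD = (
    '<?xml version="1.0" encoding="UTF-8"?>'
    '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
    '<Default Extension="xml" ContentType="application/xml"/>'
    '<Override PartName="/xl/workbook.xml" '
    'ContentType="application/vnd.openxmlformats-officedocument.spreadsheetml.sheet.main+xml"/>'
)
VBA_OVERRIDE = '<Override PartName="/xl/vbaProject.bin" ContentType="%s"/>' % VBA_CONTENT_TYPE


def build_sample(macro: bool) -> bytes:
    """Build a constructed, minimal spreadsheet package, with or without a VBA part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml",
                   CONTENT_TYPES_HEAD + (VBA_OVERRIDE if macro else "") + "</Types>")
        z.writestr("xl/workbook.xml", "<workbook/>")
        if macro:
            # A real vbaProject.bin is an OLE2 stream; a header stub is enough for this check.
            z.writestr("xl/vbaProject.bin", OLE2_MAGIC + b"\x00" * 24)
    return buf.getvalue()


def vba_indicators(data: bytes) -> dict:
    """Inspect file content (never the filename) for macro indicators."""
    result = {"container": "unknown", "has_vba_part": False, "declares_vba_type": False}
    if data.startswith(OLE2_MAGIC):
        # Legacy binary Office format: macros live in OLE streams, so this needs an
        # OLE parser (for example oletools' olevba) rather than a zip listing.
        result["container"] = "ole2"
        return result
    try:
        z = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return result
    result["container"] = "ooxml"
    names = z.namelist()
    # Any part named vbaProject.bin, wherever it sits, is a VBA project.
    result["has_vba_part"] = any(n.lower().endswith("vbaproject.bin") for n in names)
    if "[Content_Types].xml" in names:
        ct = z.read("[Content_Types].xml").decode("utf-8", "replace")
        result["declares_vba_type"] = VBA_CONTENT_TYPE in ct
    return result


def triage(filename: str, data: bytes) -> tuple:
    """Return (quarantine, reason). Policy choices here are assumptions, not from the article."""
    ind = vba_indicators(data)
    if ind["container"] == "ole2":
        return True, "legacy binary Office file; route to OLE/VBA analysis"
    if ind["has_vba_part"] or ind["declares_vba_type"]:
        ext = filename.lower().rsplit(".", 1)[-1] if "." in filename else ""
        if ext in ("xlsx", "docx", "pptx"):
            return True, "VBA project inside a file renamed to a macro-free extension"
        return True, "VBA project present"
    return False, "no macro indicators"


if __name__ == "__main__":
    for name, blob in (("report.xlsx", build_sample(False)),
                       ("invoice.xlsx", build_sample(True)),
                       ("old.xls", OLE2_MAGIC + b"\x00" * 504)):
        print(name, triage(name, blob))
```

The check looks at the zip's part list and content types, so renaming an .xlsm to .xlsx, a common trick to slip past extension filters, does not hide the macro. Legacy .xls files are flagged for separate analysis because their macros are not visible to a zip listing.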

The OilRig toolset is not a single piece of malware. Security researchers have identified four variants of Helminth in the campaign, which communicate with their command and control servers over both DNS and HTTP. Through these channels the hackers collect information about the infected device and push new files to it remotely.
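A backdoor that talks to its controller over DNS has to smuggle its data into query names, which leaves a recognisable pattern in resolver logs: many distinct, long, high-entropy subdomains under one base domain from one client. The script below is an added example, not code from the article or from Palo Alto Networks, and does not reproduce Helminth's actual encoding or infrastructure. The log lines and domain names are constructed for illustration; the thresholds and the two-label base-domain rule (no public-suffix list) are assumptions.

```python
import collections
import math
import re

# Constructed resolver log: timestamp, client, query type, query name.
# The domains are illustrative only and are not Helminth/OilRig indicators.
SAMPLE_LOG = """\
2016-10-04T09:00:01Z 10.0.0.5 A www.example.com
2016-10-04T09:00:02Z 10.0.0.5 A mail.example.com
2016-10-04T09:00:03Z 10.0.0.5 A 3a7f1c9e0b24d658.update-srv.example
2016-10-04T09:00:04Z 10.0.0.5 A 9c02e4a71bd5f386.update-srv.example
2016-10-04T09:00:05Z 10.0.0.5 A f0e1d2c3b4a59687.update-srv.example
2016-10-04T09:00:06Z 10.0.0.5 A 4b8c0d1e2f3a5697.update-srv.example
2016-10-04T09:00:07Z 10.0.0.5 A a1b2c3d4e5f60789.update-srv.example
2016-10-04T09:00:08Z 10.0.0.5 A 7e6d5c4b3a291f08.update-srv.example
2016-10-04T09:00:20Z 10.0.0.7 A cdn.example.org
this line is malformed and is skipped
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+)$")


def shannon_entropy(s: str) -> float:
    """Bits per character; hex-encoded data scores near 4.0, words score lower."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in collections.Counter(s).values())


def analyze(log_text: str, min_unique: int = 6, min_label_len: int = 12,
            min_entropy: float = 3.0) -> list:
    """Group queries by (client, base domain) and flag DNS-tunnel-like behaviour.

    Base domain is taken as the last two labels, an assumption that is wrong for
    suffixes like co.uk; a public-suffix list would replace that rule in production.
    """
    stats = collections.defaultdict(lambda: {"subs": set(), "lens": [], "ents": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        _ts, client, _qtype, qname = m.groups()
        labels = qname.rstrip(".").lower().split(".")
        if len(labels) < 3:
            continue  # no subdomain label available to carry data
        base = ".".join(labels[-2:])
        leftmost = labels[0]
        s = stats[(client, base)]
        s["subs"].add(".".join(labels[:-2]))
        s["lens"].append(len(leftmost))
        s["ents"].append(shannon_entropy(leftmost))

    findings = []
    for (client, base), s in stats.items():
        unique = len(s["subs"])
        avg_len = sum(s["lens"]) / len(s["lens"])
        avg_ent = sum(s["ents"]) / len(s["ents"])
        if unique >= min_unique and avg_len >= min_label_len and avg_ent >= min_entropy:
            findings.append({"client": client, "base_domain": base,
                             "unique_subdomains": unique,
                             "avg_label_len": avg_len, "avg_entropy": avg_ent})
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print("possible DNS C2: %(client)s -> %(base_domain)s "
              "(%(unique_subdomains)d unique subdomains, entropy %(avg_entropy).2f)" % f)
```

Unique-subdomain count matters more than any single query: a CDN also produces long labels, but repeats them, while a tunnel must produce a fresh name for every chunk of data to defeat caching. Pair this with the HTTP channel's beaconing interval in proxy logs, since the article notes the backdoor uses both.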


Helminth comes in two forms. One is script based, using PowerShell and VBScript; the other is a standalone executable, which Palo Alto calls the HerHer Trojan. The executable version can record keystrokes and is built to evade antivirus detection.

"Security researchers of Palo Alto Networks have found various clues which directly indicate that the hackers belong to Iran."

While analysing the malware samples, the researchers found code containing strings written in Persian. They also recovered details of the command and control infrastructure: some of the IP addresses identified by Palo Alto Networks are located in Iran and also appear on Symantec's blacklist.