Monday, September 28, 16:48

Iranian hacking campaign targets European power companies

A hacking campaign suspected of links to Iran has targeted the European energy sector and is believed to be a reconnaissance mission aimed at collecting sensitive information.

The intrusion into the energy company's network has been analysed by researchers at the cybersecurity firm Recorded Future.

The tool used by the attackers, PupyRAT, is open-source malware that runs on Windows, Linux, OSX and Android and gives the attackers access to the victim's system, including usernames, passwords and other sensitive information on the network.

Despite the open-source nature of the malware, PupyRAT has previously been linked to Iranian state-backed hacking campaigns, particularly those of the APT 33 group, which has been identified in the past as carrying out attacks against critical infrastructure.

Researchers have now identified that the malware was used in attacks between November 2019 and January 2020.


The dates show that the campaign began before the heightened geopolitical tensions in the Middle East that followed the US airstrike which killed Iranian general Qassem Soleimani.

Researchers have not been able to pinpoint the exact delivery method, but they believe the malware was distributed through phishing attacks. Past APT 33 campaigns involved the attackers posing as real individuals and gaining the trust of potential victims before finally sending them a malicious document.

The researchers did, however, observe a large volume of network traffic from the targeted energy company repeatedly communicating with command-and-control infrastructure associated with previous PupyRAT campaigns. They consider this sufficient evidence that the network was the target of an espionage campaign.

"In our assessment, based on the traffic we were seeing, this was probably reconnaissance," Priscilla Moriuchi, Director of Strategic Threat Development at Recorded Future, told ZDNet.

"Our sense is that, given the network activity we see, access to this kind of sensitive information about power distribution and supply resources would be extremely valuable to adversaries."

Recorded Future informed the target of the attack, and the security company has worked with the energy company to remove the intruders before further damage could be done.

"Whether it is enabling operations or disruptive strikes, getting this kind of months-long reconnaissance and insight into employee behaviour within companies, and understanding how a particular capability could affect information or the distribution of energy resources."

However, the researchers note that hacking attempts against these networks are often prevented by basic security procedures, such as introducing two-factor authentication across the network and ensuring that passwords are complex and not reused across many systems.

Network administrators should also keep an eye on login and network connection attempts, as these can reveal suspicious activity.

"These groups often use password brute-forcing, so tracking multiple login attempts from the same IP address with different accounts is something that can be monitored," Moriuchi said.
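The check Moriuchi describes, many different account names tried from one source address in a short window, is the signature of password spraying rather than of a single user mistyping their password. The following added example (written for this page, not code from Recorded Future or the article) runs that check over a few constructed OpenSSH auth.log lines; the log format, the year 2020 added to the syslog timestamps, the 10-minute window and the three-account threshold are all assumptions for the demonstration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in OpenSSH auth.log format (not real data).
# 198.51.100.7 cycles through five accounts in 20 seconds (spraying);
# 203.0.113.9 is one user who fails twice and then logs in (benign).
SAMPLE_LOG = """\
Jan 14 09:00:01 gw sshd[2101]: Failed password for invalid user admin from 198.51.100.7 port 50122 ssh2
Jan 14 09:00:04 gw sshd[2103]: Failed password for invalid user operator from 198.51.100.7 port 50130 ssh2
Jan 14 09:00:09 gw sshd[2105]: Failed password for jsmith from 198.51.100.7 port 50141 ssh2
Jan 14 09:00:15 gw sshd[2107]: Failed password for invalid user scada from 198.51.100.7 port 50150 ssh2
Jan 14 09:00:20 gw sshd[2109]: Failed password for invalid user backup from 198.51.100.7 port 50162 ssh2
Jan 14 09:01:02 gw sshd[2111]: Failed password for jdoe from 203.0.113.9 port 41002 ssh2
Jan 14 09:01:30 gw sshd[2113]: Failed password for jdoe from 203.0.113.9 port 41010 ssh2
Jan 14 09:02:11 gw sshd[2115]: Accepted password for jdoe from 203.0.113.9 port 41015 ssh2
Jan 14 10:30:00 gw sshd[2200]: Failed password for invalid user guest from 198.51.100.7 port 50500 ssh2
"""

# Matches only failed password attempts; "invalid user" is optional because
# sshd only adds it when the account does not exist.
FAILED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s\S+\ssshd\[\d+\]:\s"
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_failures(log_text, year=2020):
    """Return a list of (timestamp, source_ip, username) for each failed login.

    Syslog timestamps carry no year, so one is supplied (assumed 2020 here).
    """
    events = []
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["ip"], m["user"]))
    return events


def detect_password_spraying(events, window=timedelta(minutes=10), min_accounts=3):
    """Flag source IPs that fail logins for >= min_accounts distinct users
    inside any sliding window of the given length.

    Returns {ip: (window_start, sorted list of distinct usernames tried)}.
    The count is of distinct *accounts*, so one user failing many times is
    not flagged; that case belongs to a per-account lockout rule instead.
    """
    by_ip = defaultdict(list)
    for ts, ip, user in events:
        by_ip[ip].append((ts, user))

    alerts = {}
    for ip, attempts in by_ip.items():
        attempts.sort()
        best_start, best_users = None, set()
        # Slide the window start over each attempt and keep the densest one.
        for i, (start, _) in enumerate(attempts):
            users = {u for t, u in attempts[i:] if t - start <= window}
            if len(users) > len(best_users):
                best_start, best_users = start, users
        if len(best_users) >= min_accounts:
            alerts[ip] = (best_start, sorted(best_users))
    return alerts


if __name__ == "__main__":
    for ip, (start, users) in detect_password_spraying(parse_failures(SAMPLE_LOG)).items():
        print(f"possible password spraying from {ip} starting {start}: {', '.join(users)}")
```

Running the block flags 198.51.100.7 (five accounts within 20 seconds) and stays silent on 203.0.113.9, which is the distinction the quote draws: the interesting signal is the spread of accounts per source, not the raw number of failures. The same logic applies to VPN, webmail or Windows security event logs once the parse step is adapted to that format.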

Organisations should also ensure that their systems are regularly updated with the appropriate security patches, so that cyber criminals cannot exploit known vulnerabilities to gain access to their networks.


Teo Ehc
