Wednesday, October 28, 05:42

Iranian hackers are attacking government agencies

A new piece of malware called ForeLord has been discovered by security researchers. Iranian hackers have been found to be using it to attack government organizations via Microsoft Excel files.

The Iranian hacking group known as COBALT ULSTER or MuddyWater is behind this attack, which is believed to be retaliation against the USA for the death of Iranian General Soleimani on January 2, 2020.

Since last year the group has been observed adding a new set of tools to its arsenal, as well as new tactics, techniques and procedures, so that it can target government entities and the telecommunications sector.

The researchers also identified a series of malicious campaigns that took place from mid-2019 to mid-January 2020 and targeted government organizations in Turkey, Jordan and Iraq.


What is ForeLord?

It is a remote access trojan, typically distributed through a malicious Excel document containing a macro with a hidden mechanism that establishes persistence.

In the initial phase of the attack, emails are sent that deliver a ZIP file containing malicious Excel files.

The malicious Excel file carries a macro that assists with the installation of the ForeLord RAT; at the same time, the document uses cmd.exe to execute a batch script that adds a key to the registry, allowing the malware to remain on the system even after the victim restarts.

Once the malware has gained access, the Iranian hackers download various tools, such as PasswordDumper.exe, PASS32.dll, Mimikatz and others, to collect credentials, check those credentials across the network, and create a reverse SSL tunnel that provides an additional access channel into the network.

Specifically, one of the open source penetration testing tools, known as CredNinja.ps1, is used in this attack to collect credentials.

Finally, they use another tool called Secure Socket Funneling, a network tool and toolkit for forwarding stolen data from multiple sockets through a single TLS tunnel to a remote computer.
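As an added example (not from the article or from the researchers' report), the following Python snippet shows how a defender could flag the behaviour chain described above in process-creation telemetry: Excel spawning cmd.exe, a registry Run key being added from that process lineage, and the named credential tools being executed. The event layout, PIDs and file paths are constructed assumptions, not data from the report.

```python
import re

# Constructed sample process-creation events (not real telemetry).
SAMPLE_EVENTS = [
    {"pid": 4120, "ppid": 3900, "image": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "cmdline": r'"EXCEL.EXE" C:\Users\victim\Downloads\invoice.xlsm'},
    {"pid": 4188, "ppid": 4120, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd.exe /c C:\Users\victim\AppData\Local\Temp\run.bat"},
    {"pid": 4201, "ppid": 4188, "image": r"C:\Windows\System32\reg.exe",
     "cmdline": r"reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Updater /t REG_SZ /d C:\Users\victim\AppData\Roaming\updater.exe /f"},
    {"pid": 5003, "ppid": 3900, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd.exe /c dir"},  # benign: parent is not an Office process
    {"pid": 5100, "ppid": 4188, "image": r"C:\Users\victim\AppData\Local\Temp\PasswordDumper.exe",
     "cmdline": r"PasswordDumper.exe"},
]

OFFICE_IMAGES = ("excel.exe", "winword.exe", "powerpnt.exe")
SHELLS = ("cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe")
# "reg add" targeting a ...\CurrentVersion\Run key (autostart persistence).
RUN_KEY_RE = re.compile(r'reg(?:\.exe)?\s+add\s+"?HK(?:CU|LM|EY_[A-Z_]+)\\.*\\currentversion\\run', re.I)
# Tool names taken from the article; hypothetical hunting list, not a full signature set.
CRED_TOOLS = ("passworddumper.exe", "pass32.dll", "mimikatz", "credninja.ps1")

def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def detect(events):
    """Return (pid, alert_name) tuples for events matching the described chain."""
    by_pid = {e["pid"]: e for e in events}

    def lineage(e):
        # Walk the parent chain, yielding image basenames (self first); guard against cycles.
        seen = set()
        while e and e["pid"] not in seen:
            seen.add(e["pid"])
            yield basename(e["image"])
            e = by_pid.get(e["ppid"])

    alerts = []
    for e in events:
        img = basename(e["image"])
        ancestors = list(lineage(e))[1:]  # parents only, nearest first
        if img in SHELLS and ancestors and ancestors[0] in OFFICE_IMAGES:
            alerts.append((e["pid"], "office_spawned_shell"))
        if RUN_KEY_RE.search(e["cmdline"]) and any(a in OFFICE_IMAGES for a in ancestors):
            alerts.append((e["pid"], "run_key_persistence_from_office"))
        if any(t in img or t in e["cmdline"].lower() for t in CRED_TOOLS):
            alerts.append((e["pid"], "credential_tool_execution"))
    return alerts
```

Running `detect(SAMPLE_EVENTS)` flags the cmd.exe child of Excel, the Run-key addition in that lineage, and the PasswordDumper.exe execution, while the cmd.exe started outside Office is left alone.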



Absent Mia

