The evolution of an Iranian hacker group
Posted on 14 May 2014.
Iran-based hacker groups have traditionally concentrated more on website defacement and DDoS attacks aimed at making a political statement, but as time passes, some of those groups and their attack methods and aims have evolved.

FireEye researchers have released a report on the activities of one such group - the Ajax Security Team - which started operating in 2010. The group began with DDoS attacks and site defacements, but now, four years later, it has transitioned to malware-based espionage.

Their targets are US-based defense companies, as well as Iranian citizens who might be using popular Internet anti-censorship tools.

Their main aim is to get targets to download information-stealing malware. They do this by sending spear-phishing emails and private messages via social media that lure targets to specially set up pages, from which the malware - masquerading as a legitimate and helpful piece of software, such as an anti-censorship tool - is then downloaded.

The malware - dubbed "Stealer" by the group - has several components. It gathers system information, takes screenshots, logs keystrokes, collects stored credentials, bookmarks and history from major browsers, harvests email account information, and more.

They are also after account credentials, so they often set up fake VPN login pages, fake Outlook Web Access login pages, and the like to harvest them directly.

"The objectives of this group are consistent with Iran's efforts at controlling political dissent and expanding offensive cyber capabilities, but we believe that members of the group may also be dabbling in traditional cybercrime," the researchers commented.

"The capabilities of the Ajax Security Team remain unclear. This group uses at least one malware family that is not publicly available. We have not directly observed the Ajax Security Team use exploits to deliver malware, but it is unclear if they or other Iranian actors are capable of producing or acquiring exploit code."

For more detailed information about the group's members, tactics, and the malware and infrastructure they use, check out the full report.

Copyright 1998-2014 by Help Net Security.