Iranian Threat Actors: Preliminary Analysis

Nowadays Iran’s Cybersecurity capabilities are under the microscope, experts warn about a possible infiltration of the Iranian government.


Nowadays Iran’s Cybersecurity capabilities are under microscope, many news sites, gov. agencies and security experts warn about a possible cybersecurity infiltration from Iranian government and alert to increase cybersecurity defensive levels. Today I want to share a quick and short study based on cross correlation between MITRE ATT&CK and Malpedia about some of the main threat actors attributed to Iran. The Following sections describe the TTPs (Tactics, Techniques and Procedures) used by some of the most influential Iranian APT groups. Each section comes with a main graph which is built by scripting and which comes without legend, so please keep in mind while reading that: the red circles represent the analyzed threat actors, the green circles represent threat actor’s used techniques, the blue circles represent the threat actor’s used Malware and the black circles represent the threat actor’s used tool sets.


OilRig


According to Malpedia: “OilRig is an Iranian threat group operating primarily in the Middle East by targeting organizations in this region that are in a variety of different industries; however, this group has occasionally targeted organizations outside of the Middle East as well. It also appears OilRig carries out supply chain attacks, where the threat group leverages the trust relationship between organizations to attack their primary targets.” The threat actor uses opensource tools such as Mimikatz and laZagne, common sysadmin toolset available on Microsoft distribution or sysinternals such as: PsExec, CertUtil, Netstat, SystemInfo, ipconfig and task ..

Support the originator by clicking the read the rest link below.