Siamesekitten Launches New Operations Against Israeli Organizations

 

To mask their actual objectives, hackers affiliated with the government of Iran have concentrated their offensive efforts on IT and communications businesses in Israel. Ever since least 2018, operations have indeed been ascribed to the APT group of Iranians known as Lyceum, Hexane, and Siamesekitten. At the epicenter of a cyberattack on the supply chain, IT and communications companies in Israel has been led by Iranian threat actors who have impersonated businesses and their HR professionals to target victims with fraudulent employment proposals to infiltrate their systems and obtain access to the firms' customers. ClearSky claimed that the cyberattacks on IT and telecom firms are designed to make supply chain attacks on its customers simpler.The operations, which took place in two phases in May and July 2021, are connected with the hacking group Siamesekitten, which has mainly pinpointed the Middle East and African oil, gas, and telecommunications suppliers. The attackers coupled social engineering technology with an enhanced malware version to provide remote access to the affected machine. In one case, the cybercriminals used the username of a former HR manager of ChipPC company to construct a fraudulent LinkedIn profile, a strong indication that the hackers had been doing their research even before the campaign was launched.In addition to using Lure documents as the initial vector of attacks, its network comprised the establishment of fraudulent websites, which imitated the impersonation of the organization, and the creation of false LinkedIn profiles. The bait files take the shape of a macro-embedded Excel table, detailing alleged job offers and of a portable (PE) file containing a 'catalog' of products utilized by the imp ..

Support the originator by clicking the read the rest link below.