Iranian Hackers Suspected in Watering Hole Attack on Israeli Shipping and Logistics Websites
At least eight Israeli websites have been targeted in a watering hole attack that cybersecurity researchers believe could be the work of an Iranian nation-state threat group. The attack campaign, discovered by ClearSky Cyber Security, specifically focuses on shipping and logistics companies.
Attack Details
Once a website is infected, the attack uses a malicious script to collect preliminary user information. ClearSky notes that it has a “low confidence specific attribution” to the Tortoiseshell group out of Iran. However, previous attacks attributed to the group have used similar tactics and targeted IT providers in Saudi Arabia using custom and off-the-shelf malware. The end goal of these attacks was to compromise the IT provider’s customers. The Tortoiseshell group has been active since at least July 2018 and has previously been tied to C&C servers used in the current watering hole attack campaign.
Watering Hole Attacks and Iranian Threat Actors
Watering hole attacks, which involve compromising a website that is commonly used by a specific group of people and then using it to distribute malware to visitors of the site, have been frequently used by Iranian threat actors since at least 2017 to gain initial access to networks. While ClearSky’s researchers say the attribution of the current attack to the Tortoiseshell group is not certain, the targeting of Israeli shipping and logistics companies aligns with Iran’s history of cyberattacks against that sector over the past three years. Iranian threat actors have also previously targeted Israeli websites to collect data on logistics companies associated with shipping and healthcare.
Cybersecurity and Advice
With cybersecurity threats increasing every year, it is essential for companies to stay vigilant and prepared to defend themselves against potential attacks. Companies should prioritize security awareness training, maintain up-to-date software, and perform regular security assessments. Additionally, companies should be cautious when visiting websites and be aware of the warning signs of a watering hole attack. To protect yourself, use a trusted VPN service, keep your software up-to-date, and scan vulnerable websites with a web scanner like Qualys before visiting them.
Editorial
Iran’s use of cyberattacks against Israel is an ongoing issue. This latest watering hole attack on Israeli shipping and logistics companies further highlights the need for countries to invest in cybersecurity and to work together to protect against these threats. Additionally, these attacks have real-world consequences for the businesses targeted. Efforts must be made to hold those responsible accountable for their actions.
Conclusion:
Researchers believe that an Iranian nation-state threat group is behind a recent watering hole attack on Israeli shipping and logistics companies. This highlights the importance of companies prioritizing cybersecurity and being vigilant against potential attacks. While the attribution of the attack is not certain, Iranian threat actors have historically targeted Israeli shipping and logistics companies and must be held accountable for their actions.
<< photo by Petter Lagson >>
You might want to read !
- Iranian Hackers Use Tortoiseshell Technique to Target Israeli Logistics Industry
- The Dangers of AI-Powered Scammers in China
- Android App Update Turns Popular App Into Spyware with 50,000 Downloads
- The Rise of ScanBox Keylogger: Watering Hole Attacks on the Horizon
- “The rise of smart homes: Privacy concerns and the impact on personal data”
- “Building a Secure Future: 4 Principles for Developing Software in Today’s Landscape”
- Trojan-Horse Tactics Enhance Political Tension Between China and Taiwan
- “Modular Maritime Security Lab: The Innovative Solution to Shield Ships from Cyberthreats”
- Advocacy groups call on Slack to improve users’ message privacy
- Exploring the Implications of IBM’s Acquisition of Polar for Shadow Data Cloud Security
