AskCyberSecurity.com

Cyber Security News & Information


US CISA and Iranian Hackers Exchange Cyber Attacks

2019-06-24 by Michelle Dvorak

US CISA Warns of Iranian Cyber Attack Threat

U.S. Cybersecurity and Infrastructure Security Agency (CISA) Director Chris Krebs posted a warning about an increase in Iranian cyber attacks against the United States. The CISA warns of a “recent rise in malicious cyber activity directed at United States industries and government agencies by Iranian regime actors and proxies.” The CISA Director’s warning was posted on his Twitter account.

Iranian hackers are using wiper tools rather than ransomware, spyware or other less harmful malware on targeted networks and computers. Wiper tools are destructive malware that completely delete computer files or damage a network with no way to recover data unless a backup exists. Cyber researchers at FireEye, CrowdStrike and Dragos Inc. have all reported an increase in phishing emails sent to US targets. The hackers are believed to be Advanced Persistent Threat 33 (APT33). Hacking group APT33 is also known as Magnallium or Refined Kitten.

CISA Director Chris Krebs post

The cyber and phishing attacks come amidst escalating tension between the United States and Iran.

US Cyber Attacks on Iran

The United States claimed responsibility for its own retaliatory cyber attack on Iran. The US cyber attacks were launched by US Cyber Command and were targeted at an intelligence group connected to the Iranian Revolutionary Guard, with the intention of crippling Iran’s rocket launch systems involved with the bombing of two oil tankers last week.


Iranian official Mohammad Javad Azari Jahromi, Iran’s minister for information and communications technology, admitted to the cyber attacks and posted about it on Twitter, “They try hard, but have not carried out a successful attack.” He went on to say that, “Last year we neutralized 33 million attacks with the (national) firewall.”

MuddyWater Iranian Hacking Group

Iranian government-backed hacking group MuddyWater, also called SeedWorm, supplemented its techniques with two new tactics. MuddyWater is using Microsoft Word documents containing malicious macros that drop payloads onto victims via compromised servers. The hacking group is also using the CVE-2017-0199 exploit, known as the Microsoft Office/WordPad Remote Code Execution Vulnerability with Windows API.

MuddyWater targets the telecommunication industry and government organizations. The group is known to actively impersonate government accounts.

CVE-2017-0199 is not a new security vulnerability. A hacker who exploits the CVE-2017-0199 vulnerability can take control of a computer system and install malware, view or delete data, or grant themselves admin access to the device. The cyber attack is initiated with a phishing email that tricks the recipient into opening a malicious email attachment. To guard against the cyber attack, Microsoft Office and WordPad should be kept up-to-date with the latest security patches.

What are Advanced Persistent Threat Groups?

Advanced Persistent Threat (APT) groups are organized hacking groups that are often state-sponsored. These hacking groups are assigned numbers to keep track of their progress and hacking techniques. APT groups are responsible for some of the largest and most successful cyber attacks in the world. The hacking groups are also given names by private cyber security researchers to avoid offending governments by calling out the attacking agency. The US government-backed APT group is called Equation Group. APT groups generally work with a “low and slow” strategy: rather than attacking a large volume of targets quickly, they work to remain undetected for long periods of time while gathering data or money. Many APT groups have gone undetected for years before discovery.

What Is the Main Goal of An APT Attack?

Advanced Persistent Threat cyber attacks target corporations and government agencies usually to fund activities or gather sensitive data. APT groups conduct corporate and government espionage on behalf of their sponsoring government entity. They also fund other activities by siphoning money from large corporations. APT groups tend to specialize or focus on a few industries or governments. Most APT attacks begin with social engineering to obtain login credentials.

Are Advanced Persistent Threats Fully Automated?

Advanced Persistent Threats are not fully automated. They require a level of skill and IT network knowledge. Although part of an APT cyber attack may be automated so intelligence can be gathered over long periods of time, hackers must continually hone their skills to circumvent new cyber security protocols and defenses.

What is Malware?

Malware is any unwanted program or app on a computer, hardware, device, or IT system. Malware includes ransomware, adware, spyware, malicious macros and executable files. The goal may be to take over a device or system. Many times, identity theft or credential phishing are part of the strategy.

Filed Under: Government Cyber Security Tagged With: APT33, Iran, MuddyWater

About Michelle Dvorak

Michelle writes about cyber security and data privacy, focusing on social media privacy as well as how to protect your IoT devices. She has worked in internet technology for over 20 years and owns METRONY, LLC. Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. Michelle published a guide to Cyber Security for Business Travelers.

