Cybercrime isn't just a cover for Iran's government goons

"Ministry of Intelligence and Security (MOIS)-linked operatives appear to be the biggest offenders, according to Check Point Research, citing "repeated overlaps" between MuddyWater (aka Seedworm, Static Kitten) and Void Manticore (aka Storm-842, Handala Hack), and various criminal organizations and their tools and services."
"Void Manticore is a hacktivist crew that uses wipers, data leaks, and disinformation to advance Iranian government objectives, usually in campaigns targeting Israel. It also recently added a commercial infostealer - Rhadamanthys - sold on cybercrime forums to its arsenal, according to Check Point."
"The Iranian cyberspies typically pair the commercial infostealer with one of their custom data wipers in phishing emails sent to Israeli targets, frequently impersonating F5 updates, we're told. In the Tuesday research, Check Point shows one of these phishes that impersonated the Israeli National Cyber Directorate (INCD)."
Iranian Ministry of Intelligence and Security (MOIS)-linked operatives, particularly MuddyWater and Void Manticore, are integrating commercial cybercrime tools into their state-sponsored cyber operations. Void Manticore, a hacktivist group advancing Iranian government objectives primarily against Israeli targets, has adopted Rhadamanthys, a commercial infostealer sold on cybercrime forums. These groups pair commercial malware with custom data wipers in phishing campaigns impersonating legitimate software updates and government agencies. MuddyWater has conducted espionage operations for MOIS since 2018, including targeting critical American networks. This represents a shift from using criminal infrastructure as cover to actively leveraging cybercrime tools and services as operational components.
Read at Theregister