Israel has been attacked by Iranian cyber terrorists, according to a report from the firm ClearSky. A group identified as Ajax Security is reportedly behind the attacks, which were carried out on a number of different Middle Eastern countries.
The report is titled, “Thamar Reservoir: An Iranian cyber-attack campaign against targets in the Middle East.”
In fact, Israel was not even the worst hit by the group. It only came in second by total number of hacks made against it, with only 14% of the total directed at Israeli institutions. This was far behind the number one country on the list, Saudi Arabia, which was the victim of 44% of Ajax’s hacks, ClearSky reports.
This makes sense since Iran and the Saudis are currently fighting a proxy war in Yemen, supporting opposite sides in the current civil war there. Other countries victimized included Yemen, Pakistan, the United Arab Emirates, Egypt and Morocco.
Countries in other parts of the world such as Venezuela, England and Canada were also hit. Perhaps because it is also an oil-producing nation, Venezuela came in 4th overall, with 11% of all of the attacks made by Ajax having been directed against the South American nation.
According to ClearSky, 40 different Israeli targets were hit. These included employees at security companies, high-ranking Israel Defense Forces reservists, and also academics involved in research on the Middle East and Iran at universities around the country. The attacks date back to 2011.
How they worked:
The attacks succeeded by using various infiltration techniques. These included:
Breaching trusted websites to set up fake pages.
Using multi-stage malware.
Sending multiple spear phishing emails based on reconnaissance and information gathering.
Phone calls to the target.
Messages on social networks.
“While very successful in their attacks – the attackers are clearly not technically sophisticated. They are not new to hacking, but do make various mistakes – such as grammatical errors, exposure of attack infrastructure, easy to bypass anti analysis techniques, lack of code obfuscation, and more,” stated ClearSky.
The firm stated that it could tell that the Iranians were behind the cyber terrorism because of the methods used. “Various characteristics of the attacks and their targets bring us to the conclusion that the threat actors are Iranian,” stated the report.
The characteristics shared with previously documented activities were:
Attacks conducted using the Gholee malware, which we discovered.
Attacks reported by Trend Micro in Operation Woolen-Goldfish.
Attacks conducted by the Ajax Security Team as documented by FireEye.
Attacks seen during Newscaster as documented by iSight.