https://www.theregister.co.uk/2019/12/05/iran_zerocleare_attack/
By Shaun Nichols in San Francisco
The Register
5 Dec 2019
An Iran-based hacking crew long known to target energy facilities in
neighboring Middle Eastern countries is believed to be launching new attacks.

The team at IBM's X-Force said an actively spreading malware package dubbed
ZeroCleare looks to be in part the work of APT34, a hacking crew commonly
accepted to be operating out of Iran.

According to researchers, APT34 and another crew from Iran have been using
poisoned VPN nodes to get onto machines located at energy facilities in the
region. In at least one case so far, they were successful.

"The attack timeline may have begun as early as Autumn of 2018 with
reconnaissance scanning from various low-cost/free VPN providers and gaining
access to one of the accounts that was later involved in the attack," the
X-Force report reads.
[...]