
European Energy Firm Targeted by RAT Linked to Iran

Security researchers have discovered a new cyber-espionage operation with links to Iranian state hacking groups targeting a major European energy organization.

Recorded Future’s Insikt Group detected command-and-control (C&C) communications between a C&C server and the victim organization, from late November 2019 until at least January 5 2020.

The C&C server is associated with PupyRAT, an open source, post-exploitation remote access Trojan (RAT) used in the past by multiple Iranian threat actor groups such as APT33 and Cobalt Gypsy.

“While metadata alone does not confirm a compromise, we assess that the high volume and repeated communications from the targeted mail server to a PupyRAT C2 are sufficient to indicate a likely intrusion,” the security vendor wrote.

“Whoever the attacker is, the targeting of a mail server at a high-value critical infrastructure organization could give an adversary access to sensitive information on energy allocation and resourcing in Europe.”

Recorded Future emphasized that the activity pre-dates the current escalation in tensions between the West and Tehran, following the US assassination of a leading Iranian general and the downing of a civilian aircraft by Iranian soldiers.

Security experts have warned that the stand-off could lead to a new wave of Iranian attempts to compromise and disrupt critical infrastructure in the US and elsewhere.

In fact, as Recorded Future argued, Iranian state hackers have been “amassing operational network infrastructure throughout 2019,” and shifted their focus from IT networks to physical control systems in utilities, manufacturing facilities and oil refineries.

The firm urged organizations to take a defence-in-depth approach to guard against RATs like PupyRAT.

This includes implementing multi-factor authentication and/or using a password manager to store unique, strong credentials; monitoring for sequential login attempts from the same IP against different accounts; and analyzing and cross-referencing log data.
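One way to implement the login-monitoring check recommended above, shown as an added example that is not from the article or from Recorded Future. The log format (timestamp, source IP, account, result), the sample events and the thresholds are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample auth events (assumed format): time, source IP, account, result.
SAMPLE_LOG = """\
2020-01-05T09:00:01 203.0.113.7 alice FAIL
2020-01-05T09:00:09 203.0.113.7 bob FAIL
2020-01-05T09:00:17 203.0.113.7 carol FAIL
2020-01-05T09:00:25 203.0.113.7 dave FAIL
2020-01-05T09:00:40 198.51.100.4 erin FAIL
2020-01-05T09:00:52 198.51.100.4 erin FAIL
2020-01-05T09:01:03 198.51.100.4 erin OK
2020-01-05T09:20:00 192.0.2.10 alice FAIL
2020-01-05T10:45:00 192.0.2.10 bob FAIL
2020-01-05T12:30:00 192.0.2.10 carol FAIL
"""

def parse(log_text):
    """Yield (time, ip, account, result) from whitespace-separated lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than crash
        ts, ip, account, result = parts
        yield datetime.fromisoformat(ts), ip, account, result

def find_sequential_attempts(events, min_accounts=4, window=timedelta(minutes=10)):
    """Return {ip: sorted accounts} for IPs whose failed logins hit at least
    min_accounts distinct accounts inside one sliding time window."""
    recent = defaultdict(deque)  # ip -> deque of (time, account) failures
    flagged = {}
    for ts, ip, account, result in sorted(events):
        if result != "FAIL":
            continue
        q = recent[ip]
        q.append((ts, account))
        while ts - q[0][0] > window:  # drop failures older than the window
            q.popleft()
        accounts = {a for _, a in q}
        if len(accounts) >= min_accounts:
            flagged.setdefault(ip, set()).update(accounts)
    return {ip: sorted(accts) for ip, accts in flagged.items()}

if __name__ == "__main__":
    for ip, accts in find_sequential_attempts(parse(SAMPLE_LOG)).items():
        print(f"{ip}: failed logins against {len(accts)} accounts: {accts}")
```

With the default ten-minute window, the source that spaces its attempts hours apart is not flagged; widening the window catches it at the cost of more noise from shared gateways and NAT addresses.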
