Trusted

Iranian Hackers Targeting Dozens of Organizations Using VPN Exploit

2 mins
By
Updated by
Join our Trading Community on Telegram
Reports by security researchers have revealed that state-sponsored hackers in Iran were able to use a VPN flaw to access numerous companies and organizations worldwide.
According to new reports published by online security researchers, Iranian state-backed hackers have been using a previously unknown VPN flaw to target companies and organizations around the world. The newly-discovered operation appears to have been going on for around three years now.

Iran Sees Spike in Cyber-Espionage

Researchers from ClearSky have named the campaign “Fox Kitten,” and claim that the act is part of a cyber-espionage initiative that targeting IT firms, oil and gas companies, telecommunication, governments, aviation, security sectors, and more. The report further notes that this is one of Iran’s most continuous and comprehensive campaigns to date. From what the researchers were able to discover, the campaign was used as a reconnaissance infrastructure. However, it can easily become more destructive, and hackers could use it for spreading and activating malware. The report further says that the activities were tied to multiple threat groups, including APT33, APT34, and APT39. The attackers not only stole sensitive information but also employed supply-chain attacks that affected additional organizations. Iran

Details about the Campaign

As mentioned, the breaches were possible due to the exploitation of an unpatched VPN flaw, which allowed hackers to penetrate the targeted companies’ defenses and steal sensitive data. There were several VPN systems that hackers exploited in this way, including Pulse Secure Connect, Global Protect, Citrix, and Fortinet FortiOS. ClearSky further notes that hackers managed to gain access to the targeted organizations’ core systems, and leave additional malware behind, which continued to spread throughout the network by exploiting 1-day vulnerabilities. Researchers also reported that hackers used a rather stealthy approach, and even the backdoor code itself was downloaded in small chunks so that antivirus software would not detect them. After they infected the systems, hackers executed the backdoor to scan for sensitive information and retrieve the files through a remote desktop connection or by opening a socket-based connection to a hardcoded IP address. Another curious detail about the attack is that it involved multiple hacking groups that collaborated in order to reach their goals.
🎄Best crypto platforms in Europe | December 2024
eToro eToro Explore
Coinrule Coinrule Explore
Uphold Uphold Explore
Coinbase Coinbase Explore
3Commas 3Commas Explore
🎄Best crypto platforms in Europe | December 2024
eToro eToro Explore
Coinrule Coinrule Explore
Uphold Uphold Explore
Coinbase Coinbase Explore
3Commas 3Commas Explore
🎄Best crypto platforms in Europe | December 2024

Disclaimer

In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and ConditionsPrivacy Policy, and Disclaimers have been updated.

Sponsored
Sponsored