Latest News
- Kuwait-Jordan Durra Field Joint Statement Rejected By Iran
- GTD Cracks Down On Vehicle Noise Pollution In Sulaibiya
- Mystery Of Dead Fish At Shuwaikh Beach Sparks Urgent Action
- MEW To Complete Links With The Interior And Justice Ministries B...
- 8 Expats Jailed For Bribing An Officer To Obtain Driver's Licens...
- Weekend Weather Is Expected To Be Hot
- From Tomorrow, Traffic Diversion On Third Ring Road
- Ministry Of Health Refute Rumors On Non-availability Of Antibiot...
- Amir Of Kuwait And Jordan King Renew Commitment To Regional Secu...
- 37 Arrested With Narcotics And Firearms
- Outrage Over Candidate's Arrest
- Six Stores Shut Down In Jahra For Selling Fake Goods
Iran Hack Targets Kuwait, Uae Units
Anomali, a cyber security company headquartered in the United States of America (USA), has conducted a research revealing that Iranian hackers are eyeing government institutions in Kuwait and the United Arab Emirates (UAE) in a possible cyber espionage campaign. A report published on the website of The Hacker News quoted the researchers at Anomali as saying that the brain behind the campaign is Static Kitten, also known as Mercury or MuddyWater.
The attack includes the installation of a remote management tool called ‘ScreenConnect’, which was acquired by ConnectWise in 2015. “The tool has unique launch parameters with custom properties, along with malware samples and URLs masquerading as Kuwait’s Ministry of Foreign Affairs and the National Council in the UAE,” the researchers disclosed. Previous reports stated that Static Kitten started in 2017 and it is behind several attacks against countries in the Middle East.
It actively exploits Zerologon vulnerability in real-world attack campaigns to strike prominent Israeli organizations with malicious payloads. The Iranian Republican Guard allegedly commanded the State-sponsored hacking group to carry out the campaign, the Hacker News report added.
Claimed
Anomali discovered two separate lure ZIP files hosted on Onehub that claimed to contain a report on relations between Arab countries and Israel or a file relating to scholarships. The researchers explained that “the URLs distributed through these phishing emails direct recipients to the intended file storage location on Onehub, a legitimate service known to be used by Static Kitten for nefarious purposes.
Static Kitten is continuing to use Onehub to host a file containing ScreenConnect.” According to the researchers, “the attack is launched by guiding users to a downloader URL pointing to these ZIP files via a phishing email that, when opened, launches the installation process for ScreenConnect, and subsequently uses it to communicate with the adversary.
The URLs themselves are distributed through decoy documents embedded in the emails. ConnectWise Control (formerly called ScreenConnect) is a self-hosted remote desktop software application with support for unattended access and conducting meetings with screensharing features.” It has been discovered as well that the ultimate goal of the hackers is to utilize the software to connect to endpoints on client networks, enabling them to conduct further lateral movements and execute arbitrary commands in target environments in a bid to facilitate data theft. “Utilizing legitimate software for malicious purposes can be an effective way for threat actors to obfuscate their operations.
In this latest example, Static Kitten is very likely using features of ScreenConnect to steal sensitive information or download malware for additional cyber operations,” the researchers added.
SOURCE ARABTIMESONLINE
Trending News
-
Kuwait Implements Home Biometrics Services Ahead O...
14 April 2024
-
Kuwait Airways Provides Update On Flight Schedule...
14 April 2024
-
Kuwait Airways Introduces Convenient Home Luggage...
15 April 2024
-
Expat Residency Law Amended By Kuwait Ministerial...
20 April 2024
-
Two Expats Are Arrested For Stealing From Salmiya...
17 April 2024
-
An Egyptian Expat Dies At Kuwait's Airport
11 April 2024
-
Kuwait Airways Resumes Flights To Beirut And Oman...
15 April 2024
-
Bay Zero Water Park Kuwait: Summer Season Opens Ei...
11 April 2024
-
Temperature Increases Cause Electricity Load Index...
21 April 2024
-
Thief Returns Stolen Money With An Apology Letter...
15 April 2024
Comments Post Comment