Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Friday, 3 February, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Ajax Security Team operated in grey area between hacktivism and nation-state sponsored

by The Gurus
May 14, 2014
in Editor's News
Share on FacebookShare on Twitter

A hacking group believed to be operating from Iran has conducted multiple cyber espionage operations using tailored malware.
 
Named the Ajax Security Team, particulars of the group were laid out in research by FireEye, who detailed the activities in what it calls “Operation Saffron Rose”. It said that it has transitioned from performing website defacements, which it did before 2010, to malware-based espionage. Targets include companies in the defence industrial base (DIB) within the Unites States, as well as local Iranian users of Proxifier or Psiphon, which are anti-censorship technologies that bypass Iran’s Internet filtering system.
 
Tactics used include spear phishing using a fake conference conference page as a lure that required the recipient to install “proxy” software in order to access it, which is actually malware. It has also phished for credentials via tailored login pages.
 
The most commonly-used malware is called “Stealer”, which is not publicly available. This drops a malicious executable and has various data collection modules to exfiltrate data over FTP. “There is code to exfiltrate data over HTTP POST as well, but it is unused. We also found incomplete code that would perform SFTP and SMTP exfiltration, which could be completed in a future version,” it said.
 
The Ajax Security Team website had a web forum with at least 236 members, but there has been no defacements since December 2013, and by early 2014 the operation appears to have ended.
 
Security researcher Lewis Henderson told IT Security Guru that a hacking group based in Iran is recruiting globally and this isn’t nation state, but they are just using it as a hideaway essentially. “They are recruiting people with SCADA and industrial control skills, so they can begin taking out western infrastructure,” he said.
 
A prominent member is named “HUrr!c4nE!”, who is engaged in operations that align with Iran’s
political objectives, according to FireEye. It said: “Recruiting hackers through this model allows Iran to influence their activities, and provides the Iranian Government plausible deniability, but a lack of direct control also means that the groups may be unpredictable and engage in unsanctioned attacks.”
 
Nart Villeneuve, senior threat intelligence researcher at FireEye, said: “There is an evolution underway within Iranian-based hacker groups that coincides with Iran’s efforts at controlling political dissent and expanding its offensive cyber capabilities.
 
“We have witnessed not just growing activity on the part of Iranian-based threat actors but also a transition to cyber-espionage tactics. We no longer see these actors conducting attacks to simply spread their message, instead choosing to conduct detailed reconnaissance and control targets’ machines for longer-term initiatives.”

FacebookTweetLinkedIn
Tags: attackCNIMalware
ShareTweetShare
Previous Post

Too good to be forgotten?

Next Post

Why are default passwords unchanged – industry views

Recent News

london-skyline-canary-wharf

Ransomware attack halts London trading

February 3, 2023
Ransomware conversations: Why the CFO is pivotal to discussing and preparing for risk

Ransomware conversations: Why the CFO is pivotal to discussing and preparing for risk

February 2, 2023
JD Sports admits data breach

JD Sports admits data breach

January 31, 2023
Acronis seals cyber protection partnership with Fulham FC

Acronis seals cyber protection partnership with Fulham FC

January 30, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information