Israeli cyber resilience firm Gambit has analyzed the Ababil of Minab group and found links to infrastructure previously used by hackers tied to the Iranian government.
“Our investigation found that Ababil of Minab is unlikely to be a new, standalone hacktivist crew, as they claim,” Gambit said in its report. “Forensic evidence ties the operation to infrastructure and activity associated with Black Shadow, an Iran-linked group, which was attributed by the Israel National Cyber Directorate to Iran’s Ministry of Intelligence and Security.”
Gambit identified attacks launched by Ababil of Minab against organizations in the US, Israel, Saudi Arabia, and Turkey. The attackers were seen exfiltrating data in all attacks and in some cases conducted destructive activities.
“The victims include an Israeli organization in the media sector, an Israeli higher education institution, a Turkish insurance brokerage, and several additional websites across the restaurant, culture, digital services, and news sectors,” Gambit said.
Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
Source: SecurityWeek