By Zev Stub, JPost—
Iranian threat actors are running a highly targeted cyberespionage operation against global aerospace and telecommunications companies, stealing sensitive information from targets around Israel and the Middle East, as well as in the United States, Russia and Europe, according to a report published Wednesday by Israeli cybersecurity company Cybereason.
Cybereason identified the previously unknown state actor, dubbed MalKamak, running a sophisticated new form of malware that was previously unknown, during an incident response call for one of its clients, said Assaf Dahan, head of the cyberthreat research group at Cybereason.
The campaign has been running since at least 2018, and has likely succeeded in gathering large amounts of data from carefully chosen targets, Dahan said.
“The investigation began after Cybereason’s Incident Response Research Team was called in to assist one of the attacked companies,” Dahan said. “During the incident and after installing our technology on the organization’s computers, we identified sophisticated and new damage that has yet to be seen or documented. Deep investigative work found that this is just one part of an entire Iranian intelligence campaign that has been conducted in secret and under the radar for the past three years.
“From the few traces left behind by the attackers, it is clear that they acted carefully and selected their victims thoroughly. This is a sophisticated Iranian attacker who acted professionally according to a considered and calculated strategy. The potential risk inherent in such an assault campaign is large and significant for the State of Israel and may pose a real threat. Continue Reading….