| Category | Details |
|---|---|
| Threat Actors | Iran-affiliated threat actors, linked to Cyber Av3ngers |
| Campaign Overview | New custom malware IOCONTROL targeting IoT and SCADA devices in Israel and the United States |
| Target Regions (Victims) | Israel, United States, critical infrastructure, fuel management systems (Orpak, Gasboy) |
| Methodology | Malware embedded in devices, use of the MQTT messaging protocol, Cloudflare DNS-over-HTTPS (DoH) for C2 connections, lateral movement functionality |
| Product Targeted | IoT/OT platforms, SCADA systems, Linux-based devices, programmable logic controllers (PLCs), human-machine interfaces (HMIs), routers, IP cameras |
| Malware Reference | IOCONTROL malware, custom-built, modular configuration, backdoor deployment |
| Tools Used | MQTT protocol, Cloudflare DNS-over-HTTPS (DoH) service, C2 communication channels, OS command execution tools |
| Vulnerabilities Exploited | Embedded malware targeting payment terminals, IoT devices, operational technology vulnerabilities |
| TTPs | C2 communication, data exfiltration, arbitrary OS command execution, remote control, lateral movement, evading detection using DNS-over-HTTPS |
| Attribution | Iran-affiliated groups, nation-state actors, specifically linked to Cyber Av3ngers and critical infrastructure attacks |
| Recommendations | Strengthen IoT/OT cybersecurity, monitor and secure SCADA devices, implement robust C2 detection mechanisms, use threat intelligence platforms |
| Source | The Hacker News |
Read full article: https://thehackernews.com/2024/12/iran-linked-iocontrol-malware-targets.html
The above summary has been generated by an AI language model