Microsoft: Iran's Cybercrews Got Stuck Into Israel Days After Hamas Attacked – Not In Tandem
Iran's role in the Israel-Hamas war has been largely "reactive and opportunistic," says Microsoft, in contrast to reports that Tehran's spies plotted cyberattacks against Israel to coincide with the October 7 Hamas terrorist atrocity.
Iran's claims about the impact of subsequent computer network breaches were widely inflated, the Windows giant explained in a presentation at the CyberWarCon defense conference in Washington DC. Redmond has been monitoring cybercrews affiliated with Iran's Ministry of Intelligence and Security (MOIS) and Islamic Revolutionary Guard Corps (IRGC) for years now, but noted they didn't appear to be acting with prior knowledge of Hamas's actions.
There's significant overlap between the Iranian cybergangs, but in general security researchers track the MOIS-linked teams as MuddyWater and APT35 (Mandiant), and Rocket Kitten, while APT42 (Mandiant), Charming Kitten, Imperial Kitten, and Mint Sandstorm (Microsoft) are usually associated with the IRGC.
"It took 11 days from the start of the ground conflict before Microsoft saw Iran enter the war in the cyber domain," according to Microsoft Threat Intelligence, which posted detailed research presented at the conference on Thursday.
The first of two observed destructive cyberattacks targeting Israel's infrastructure occurred on October 18, the threat hunters added, but did not provide details about what infrastructure Iranian cybercrews targeted nor the damage they caused.
It is worth noting that, in separate research published today, CrowdStrike attributed a "series" of cyberattacks in October targeting Israeli transportation, logistics, and technology firms to the IRGC's Imperial Kitten group.
CrowdStrike also doesn't provide details about the October attacks or their impact, if any, but says the operations and malware used indicate similar tactics and techniques that Imperial Kitten has employed for the last year or so.
The Microsoft research indicates that Iranian crews have deployed ransomware at least once since the Israel conflict began.
"Operators leveraged existing access or acquired access to the first available target. Further, the data shows that, in the case of a ransomware attack, Iranian actors' claims of impact and precision targeting were almost certainly fabricated."
This is true to form for Iran-backed miscreants, Microsoft explained, and part of their "tried-and-true" method of "exaggerating the success of their computer network attacks and amplifying those claims and activities via a well-integrated deployment of information operations."
In other words, propaganda, amplified by social media, which has become increasingly popular in cyberwar — as we've seen in the ongoing illegal Russian invasion of Ukraine.
As an example of this in Israel, Redmond's team spotted Iranian crews compromising webcams and then framing this as a strategic operation against a specific military installation.
"In reality, the compromised cameras were located at scattered sites outside any one defined region," Microsoft wrote.
"This suggests that despite Iran actors' strategic claims, this camera example was ultimately a case of adversaries continuing to opportunistically discover and compromise vulnerable connected devices and try to reframe this routine work as more impactful in the context of the current conflict."