What’s Farsi for ‘as subtle as a nuke through a window’? Foreign diplomats in Iran hit by renewed Remexi nasty

Iran, spying on foreigners within its borders? Shocked, shocked, we tell you

By: Shaun Nichols

A newly uncovered spyware-slinging operation appears to have been targeting foreign diplomats in Iran for more than three years.

Researchers at Kaspersky Lab said this week that a new build of the Remexi software nasty, first seen in 2015, has been spotted lurking on multiple machines within Iran, mostly those located within what we assume are foreign embassy buildings. The Windows-targeting surveillance-ware was previously associated with a hacking group known as Chafer, and an examination of the latest strain suggests it is of Iranian origin.

“The malware can exfiltrate keystrokes, screenshots, browser-related data like cookies and history, decrypted when possible,” Kaspersky’s Denis Legezo said of the infection.

“The attackers rely heavily on Microsoft technologies on both the client and server sides: the Trojan uses standard Windows utilities like Microsoft Background Intelligent Transfer Service (BITS) bitsadmin.exe to receive commands and exfiltrate data.”

Curiously, Legezo said he does not yet know how the malware is spreading in the wild, just that it is targeting “foreign diplomatic entities” based within Iran.

“So far, our telemetry hasn’t provided any concrete evidence that shows us how the Remexi malware spread,” we’re told.

“However, we think it’s worth mentioning that for one victim we found a correlation between the execution of Remexi’s main module and the execution of an AutoIt script compiled as PE, which we believe may have dropped the malware.”

Once on a victim’s machine, the spyware is very persistent, hiding out in scheduled tasks, Userinit and Run registry keys in the HKLM hive, depending on the version of Windows it has infected. Data is exfiltrated to command and control servers using Microsoft’s bitsadmin.exe transfer utility.
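The persistence and exfiltration paths named above (Run and Userinit keys in the HKLM hive, scheduled tasks, and bitsadmin.exe/BITS transfers) are the first places a defender would look on a suspect host. The triage script below is an added example and is not from the Register article or from Kaspersky’s write-up; it assumes an elevated PowerShell session on the Windows machine under review and uses only built-in cmdlets. It lists every HKLM Run entry, flags anything appended after userinit.exe in the Userinit value, and enumerates scheduled tasks and BITS jobs whose command line or remote URL is worth a second look. The list of interpreter names in the regular expression is an illustrative choice, not a published indicator.

```powershell
# Added example (not from the article or Kaspersky): a defender's triage of the
# persistence locations and transfer mechanism the article names.
# Assumptions: run elevated on the host under review; built-in cmdlets only.
function Get-PersistenceTriage {
    $findings = @()

    # 1. HKLM Run keys: list every value so unfamiliar entries stand out.
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($key in $runKeys) {
        if (Test-Path $key) {
            (Get-ItemProperty -Path $key).PSObject.Properties |
                Where-Object { $_.Name -notmatch '^PS' } |      # drop provider metadata
                ForEach-Object {
                    $findings += [pscustomobject]@{ Source = 'HKLM Run'; Name = $_.Name; Value = $_.Value }
                }
        }
    }

    # 2. Userinit: the stock value is 'C:\Windows\system32\userinit.exe,' and any
    #    extra comma-separated entry is executed at logon, so report it.
    $winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $userinit = (Get-ItemProperty -Path $winlogon -Name Userinit).Userinit
    $extra = $userinit -split ',' |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ -and $_ -notmatch 'userinit\.exe$' }
    if ($extra) {
        $findings += [pscustomobject]@{ Source = 'Userinit'; Name = 'appended entries'; Value = ($extra -join '; ') }
    }

    # 3. Scheduled tasks whose action launches bitsadmin.exe or a script host.
    #    The name list is illustrative; tune it to the environment.
    $suspect = 'bitsadmin|powershell|wscript|cscript|mshta|cmd\.exe'
    Get-ScheduledTask | ForEach-Object {
        $task = $_
        foreach ($action in $task.Actions) {
            $cmd = "$($action.Execute) $($action.Arguments)"
            if ($cmd -match $suspect) {
                $findings += [pscustomobject]@{ Source = 'Task'; Name = $task.TaskPath + $task.TaskName; Value = $cmd }
            }
        }
    }

    # 4. BITS jobs for all users: the article says data left the host this way,
    #    so every remote URL in a job is reported for review.
    Import-Module BitsTransfer -ErrorAction SilentlyContinue
    Get-BitsTransfer -AllUsers -ErrorAction SilentlyContinue | ForEach-Object {
        $remotes = ($_.FileList | ForEach-Object { $_.RemoteName }) -join '; '
        $findings += [pscustomobject]@{ Source = 'BITS job'; Name = "$($_.DisplayName) [$($_.JobState)]"; Value = $remotes }
    }

    return $findings
}

# Usage: print the table, or pipe to Export-Csv to keep a record for the case file.
Get-PersistenceTriage | Format-Table -AutoSize -Wrap
```

The script reports rather than deletes: a Run entry or BITS job is only suspicious in context, and an analyst should compare the output against a known-good baseline of the same host or image before acting on it.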

According to timestamps in the malware, its development appears to have been completed in March 2018, though there are a few sections of the code that appear to be much older.

More:  https://www.theregister.co.uk/2019/01/31/iran_embassies_malware/

Dozens of US spies killed after Iran and China uncovered CIA messaging service using Google

By: Margi Murphy

Dozens of American spies were killed in Iran and China after a flawed communications service allowed foreign adversaries, using Google, to see what the agents were up to, official sources have claimed.

Between 2009 and 2013 the US Central Intelligence Agency suffered a “catastrophic” secret communications failure in a website used by officers and their field agents around the world to speak to each other, according to a report in Yahoo News, which heard from 11 former intelligence and government officials about the previously unreported disaster.

“We’re still dealing with the fallout,” said one former national security official. “Dozens of people around the world were killed because of this.”

The internet-based communications platform was first used in the Middle East to communicate with soldiers in war zones and had not been intended for widespread use, but because of its ease of use and effectiveness it was adopted by agents despite its lack of sophistication, the sources claimed.

Cracks only began to show when Iran, angered that the government under Barack Obama had discovered a secret Iranian nuclear weapon factory, went through its ranks with a fine-tooth comb to find moles.

It discovered the existence of one of the websites used by US agents using Google. US officials believe that Iranian spies were able to use Google as a search tool to find secret CIA websites, unbeknown to those using them.

By 2011, Iran had infiltrated the CIA spy network, and in May it announced that it had broken up a 30-strong ring of American spies.

Some informants were executed and others imprisoned as a result, the sources claimed.

This was corroborated by a report on ABC news at the time, which referred to a compromised communications system after a tip off from the CIA.

Meanwhile, in China, 30 agents working for the US were executed by the government after it compromised the spy network by similar means. Beijing had managed to break into a second, temporary communications system, splintered from the initial platform, and was able to see every single agent the CIA had placed in the country, the sources told Yahoo.

The sources said the general consensus was that Iran and China had traded technical information with each other to form a two-pronged attack.

A CIA agent in Russia who was warned about the attacks was able to change communication channels before anyone was uncovered.

More: https://www.telegraph.co.uk/technology/2018/11/03/dozens-us-spies-killed-iran-china-uncovered-cia-messaging-service/amp/

Iran angered by US imposition of cyber sanctions

By: BBC

Iran has railed against US sanctions imposed on 10 citizens and a tech firm accused of cyber attacks on at least 320 universities worldwide, along with US firms and government agencies.

Tehran called the sanctions a gimmick that was provocative, illegal and unjustified.

The Mabna Institute is accused of stealing 31 terabytes of “valuable intellectual property and data”.

Iranian foreign ministry spokesperson Bahram Qassemi said the new US sanctions were an act of provocation, and that the move would not prevent Iran’s technological progress.

“The US will definitely not benefit from the sanctions gimmick, aimed at stopping or preventing the scientific growth of the Iranian people,” Mr Qassemi said in a statement.

The indicted individuals are still in Iran. They were called “fugitives of justice” by US Deputy Attorney General Rod Rosenstein, and could face extradition in more than 100 countries if they travelled outside Iran.

Many of the “intrusions”, Mr Rosenstein said, were done “at the behest of the Iranian government and, specifically, the Iranian Revolutionary Guard Corps”.

More: http://www.bbc.com/news/world-middle-east-43527152?lipi=urn%3Ali%3Apage%3Ad_flagship3_feed%3BW3%2BPYrkkRCqlNdstUs%2FBkg%3D%3D

US’s greatest vulnerability is underestimating the cyber threats from our adversaries, foreign policy expert Ian Bremmer says

By: sikur

by Natasha Turak, Hadley Gamble

February 17, 2018

America’s greatest vulnerability is its continued inability to acknowledge the extent of its adversaries’ capabilities when it comes to cyber threats, says Ian Bremmer, founder and president of leading political risk firm Eurasia Group.

Speaking to CNBC from the Munich Security Conference on Saturday, the prominent American political scientist emphasized that there should be much more government-level concern and urgency over cyber risk. The adversarial states in question are what U.S. intelligence agencies call the “big four”: Russia, China, North Korea, and Iran.

“We’re vulnerable because we continue to underestimate the capabilities in those countries. WannaCry, from North Korea — no one in the U.S. cybersecurity services believed the North Koreans could actually do that,” Bremmer described, naming the ransomware virus that crippled more than 200,000 computer systems across 150 countries in May of 2017.

He also noted the NotPetya malware attack in July 2017, considered the costliest cyberattack in history, which U.S. and European governments have accused Russia’s military of implementing. Believed to be a deliberate attack on Ukraine, it actually wiped off half a point from Ukraine’s gross domestic product.

Borge Brende, president of the World Economic Forum, weighed in, stressing the economic cost of cyber crimes. “It is very hard to attribute cyberattacks to different actors or countries, but the cost is just unbelievable. Annually more than a thousand billion U.S. dollars are lost for companies or countries due to these attacks and our economy is more and more based on internet and data.”

More: https://www-cnbc-com.cdn.ampproject.org/c/s/www.cnbc.com/amp/2018/02/17/munich-security-conference-ian-bremmer-on-cybersecurity-threats.html

Iran to blame for cyber-attack on MPs’ emails – British intelligence

By: sikur

Evidence points to Iran, says unpublished report, after initial suspicion of Russia and North Korea dismissed

Photo: the Houses of Parliament. Dozens of MPs’ emails were hacked, partly as the result of weak passwords, a spokesman said. Photograph: Xinhua/Barcroft Images

Iran is being blamed for a cyber-attack in June on the email accounts of dozens of MPs, according to an unpublished assessment by British intelligence. Disclosure of the report, first revealed by the Times but independently verified by the Guardian, comes at an awkward juncture. Donald Trump made it clear on Friday that he wants to abandon the Iran nuclear deal. But European leaders, including Theresa May, want to retain it.

Initial suspicion for the attack fell on Russia, but this has now been discounted. The evidence amassed is pinpointing Iran, according to the assessment. A spokesperson for the National Cyber Security Centre, the government body responsible for helping to counter attacks, said: “It would be inappropriate to comment further while inquiries are ongoing.”

More: https://www.theguardian.com/world/2017/oct/14/iran-to-blame-for-cyber-attack-on-mps-emails-british-intelligence