Iranian Nation-State APT Groups – “Rana Institute” Leak

Over the last few weeks, several significant leaks regarding a number of Iranian APTs took place. After analyzing and investigating the documents, we conclude that they are authentic. Consequently, this causes considerable harm to the groups and their operation. The identity of the actor behind the leak is currently unknown; however, based on the scope […]


Iranian APT MuddyWater Attack Infrastructure Targeting Kurdish Political Groups and Organizations in Turkey

In our ongoing investigations of Iranian APTs, we recently detected additional documents related to previous attack infrastructures used by the Iranian APT “MuddyWater”, which we reported on in late November 2018. As a reminder, we identified two domains that were hacked by the group and used to host the code of POWERSTATS, a malware […]


Year of the Dragon – Summary report of cyber events for 2018

We are happy to present our yearly summary report of cyber events for 2018. This report is a combined effort of our intelligence research, threat-hunting and analyst teams. One of the biggest challenges in cyberspace is the overwhelming, and at times contradictory, amount of data we are confronted with on a daily basis. As […]


Global Iranian Disinformation Operation

Throughout 2018, ClearSky Cyber Security has uncovered several disinformation campaigns operated by Iran (as can be seen in the Ayatollah BBC report). Below, we provide an overview of a large-scale fake news infrastructure promoting Iranian global interests, comprised of at least 98 fake media outlets, each with its own websites, social media accounts, and pages that […]


MuddyWater Operations in Lebanon and Oman

Abstract: MuddyWater is an Iranian high-profile threat actor that’s been seen active since 2017. The group is known for espionage campaigns in the Middle East. Over the past year, we’ve seen the group extensively targeting a wide gamut of entities in various sectors, including Governments, Academy, Crypto-Currency, Telecommunications and the Oil sectors. MuddyWater has recently […]


Infrastructure and Samples of Hamas’ Android Malware Targeting Israeli Soldiers

Earlier today the Israel Defense Forces (IDF) uncovered a campaign they attribute to Hamas, in which fake Facebook profiles were used to lure soldiers to install Android malware. ClearSky has been monitoring this campaign and would like to share indicators related to it. We were unable to find technical similarities or infrastructure overlap with a known […]


Ayatollah BBC – An Iranian Disinformation Operation Against Western Media Outlets

Monitoring Iranian activity in cyberspace, we have uncovered an online propaganda-and-disinformation operation, containing dozens of websites that impersonate western media outlets. At the center of the operation is the BBC Persian website. We call this operation Ayatollah BBC. We estimate that the main objective of the operation is to undermine the credibility of western media […]


Cyber Intelligence 2017 Summary Report

Major cyber trends in 2017: The most significant attacks this year were executed by organized cybercrime groups and nation-state actors. Over the last two years, cyberspace has become a prominent medium for fighting between countries. Among the major global cyber actors, Russia is both the most significant nation-state actor, and the most prolific habitat for […]


Charming Kitten: Iranian Cyber Espionage Against Human Rights Activists, Academic Researchers and Media Outlets

Charming Kitten is an Iranian cyberespionage group operating since approximately 2014. This report exposes their vast espionage apparatus, active during 2016-2017. We present incidents of company impersonation, made-up organizations and individuals, spear phishing and watering hole attacks. We analyze their exploitation, delivery, and command-and-control infrastructure, and expose DownPaper, a malware developed by the attackers, […]
