PowDesk is a simple PowerShell-based script for hosts that run LANDesk Management Agent. This script is compatible with both 32-bit and 64-bit systems and exfiltrates the computer’s name through a PHP page stored at a certain domain name. After analyzing the script behavior, we assess that potential attackers might create a whitelist of companies that […]
On the 15th of September 2019, we have published a report[1] about a sharp increase in Charming Kitten attacks against researchers from the US, Middle East, and France, focusing on Iranian academic researchers, Iranian dissidents in the US. In our last report, we exposed a new cyber espionage campaign that was conducted in July 2019. […]
In 2019 ClearSky Cyber Security observed a sharp increase in Charming Kitten attacks, after an absence of a few months and after 2019 Microsoft official complaint against the group for “establishing an internet-based cybertheft operation referred to as ‘Phosphorus’“. Read the full report: The Kittens Are Back in Town Charming Kitten – Campaign Against Academic […]
We are happy to present our half-year report summarizing cyber events for the first half of 2019. This report provides an in-depth review of significant trends, as well as major attack events in the cyber landscape – a combined effort of our intelligence research, threat-hunting and analyst teams. Read the full report: 2019 H1 Cyber […]
On July 25th, 2019, several social media profiles propagated fake news claiming that two famous Israeli women, Yona Elian And Roni Dalumi (an actor and a singer, respectively), have died. These accounts posted the story on Israeli media outlets pages, as well as a number of Israeli social media groups, primarily on Facebook. Read the […]
In recent months, there has been considerable unrest in the Iranian cybersphere. Highly sensitive data about Iranian APT groups were leaked, exposing abilities, strategies, and attack tools. The main medium for this leak was a telegram channel. The first leak uncovered attack frameworks and web shells of APT-34 (Known as OilRig group). This was followed […]
Over the last few weeks, several significant leaks regarding a number of Iranian APTs took place. After analyzing and investigating the documents we conclude that they are authentic. Consequently, this causes considerable harm to the groups and their operation. The identity of the actor behind the leak is currently unknown, however based on the scope […]
In our ongoing investigations of Iranian APTs, we recently detected additional documents related to previously attack infrastructures used by the Iranian APT – “MuddyWater”, which we reported on in late November 2018. As a reminder, we identified two domains, that were hacked by the group and used to host the code of POWERSTATS; a malware […]
We are happy to present our yearly summary report of cyber events for 2018. This report is a combined effort of our intelligence research, threat-hunting and analyst teams. One of the biggest challenges in cyber space is the overwhelming, and at times contradicting amount of data we are confronted with on a daily basis. As […]
Throughout 2018, Clearsky Cyber Security has uncovered several disinformation campaigns operated by Iran (As can be seen in Ayatollah BBC report). Below, we provide an overview of a large-scale fake news infrastructure promoting Iranian global interests comprised of at least 98 fake media outlets; each with its own websites, social media accounts, and pages that […]