Threat Intelligence, Malware
Israel subjected to persistent targeting by Iranian hackers

The Hacker News reports that Iran-linked threat operations continued launching malware attacks against Israel last year. Iranian cyberespionage group UNC2428, which overlaps with Black Shadow, engaged in a social engineering campaign that impersonated Israeli defense contractor Rafael in a bogus recruitment invitation leading to the download of the MURKYTOUR backdoor, an analysis from Mandiant showed. Israel-based users were also subjected to attacks by the Cyber Toufan group that resulted in the deployment of the POKYBLIGHT wiper malware. Other Iran-linked threat groups observed during the past year include suspected MuddyWater affiliate UNC3313, which sought to compromise targeted systems in phishing campaigns delivering the JELLYBEAN dropper and CANDYBOX malware, as well as UNC1549, which has been concealing malicious activity by using cloud infrastructure to host command-and-control nodes and payloads. "As Iran-nexus threat actors continue to pursue cyber operations that align with the interests of the Iranian regime, they will alter their methodologies to adapt to the current security landscape," said Mandiant.