The doc attachment contacts a link, exploiting the Equation Editor vulnerability, and downloads an exe: the malware. Data is then exfiltrated via SMTP to an email address.
Anonymous targets Iran for Mahsa Amini. Elon Musk is also in the field with Starlink to ensure access to the web and social networks for the population.
Iran is the target of a massive new cyber warfare offensive launched by Anonymous and other international volunteer groups. The cause is the violent repression in the Middle Eastern country of popular protests over the death of the young Mahsa Amini, who is believed to have been killed while in the custody of the religious police. Tehran blocked the internet and social networks to try to prevent protesters from telling the outside world what the real situation in the country is, to make it more difficult for them to organize sit-ins and marches, and to better protect itself from the ongoing waves of international cyber attacks. Elon Musk, however, as he has already done in Ukraine, intervened by making his constellation of Starlink satellites available to the population. As a result, any attempt by the Islamic Republic to block the network has been in vain.
#OpIran’s goal: to bring down the government, hitting critical infrastructure and the salaries of the security forces
The cyber warfare campaign against Iran is extremely varied. On the one hand, there are waves of DDoS attacks to knock out institutional sites. On the other hand, #OpIran also includes attacks of a more pervasive and disruptive type. Their purpose is to steal information identifying the perpetrators of the violence and to stop it (the latest targeted the Iranian Parliament, hacked by Kromsec). In particular, Anonymous volunteers are targeting specific sites such as the payroll system for security forces and banks. The objective is to bring them to collapse and so force them to stop. Local media that spread propaganda, as well as critical infrastructure, are also under attack. In the past there had been other “Ops” against the Islamic Republic, but never so extensive or with such international participation.