The message's RAR attachment contains an executable file: the malware itself. Stolen data is exfiltrated over SMTP.
Recorded Future publishes a report on Iran’s hacker hierarchy and warns that even non-professional hackers, who are more difficult to track, are enlisted when the occasion demands
Iran is massively recruiting hackers on online security forums, not so much to conduct cyber warfare and espionage campaigns as for quick actions. This was discovered by the cybersecurity researchers at Recorded Future, who published a report on the cyber hierarchy of the Islamic Republic. Tehran, moreover, is hiring not only professionals in the sector, but also people who work part-time or as a hobby. This increases the risk: known hackers are monitored by international intelligence services, but unsuspected ones are not. As a result, it is harder to intercept them before they launch attacks, above all against the US and Israel, which became the number one enemy of the Middle Eastern country: the Jewish state for revealing that Tehran’s nuclear programs continue in secret, despite the fact that the nation signed the Joint Comprehensive Plan of Action (JCPOA), and the United States because it abandoned the JCPOA following the latest events.
Tehran operates a multilevel cyber attack system. The government indicates the target, which is then hit by external contractors. And if they’re in a hurry, they rely on flash recruitment of hackers
Moreover, Iran is managing a multilevel cyber-attack system. Government employees choose the targets to be hit and enter into contracts with third parties, who then do the dirty work. In this way, even if the targets or investigators succeeded in attributing the cyber incidents, Tehran would be in the clear and could not be accused of anything. In particular, the Islamic Republic works with private companies, including universities, which act as contractors. According to Recorded Future, there are about 50 companies operating as contractors to conduct espionage and cyber warfare campaigns. But when the Middle Eastern country needs rapid action, the picture changes. It is precisely here that the talents recruited on online security forums come into play. The client notifies the company that an urgent target must be hit, and the company immediately turns to those forums to enlist the workforce as quickly as possible.