HBO Hacker Linked to Iranian Spy Group

A man accused by U.S. authorities of hacking into the systems of HBO and attempting to extort millions of dollars from the company has been linked by security researchers to an Iranian cyber espionage group tracked as Charming Kitten.
Security firm ClearSky has published a new report detailing the activities of Charming Kitten, which is also known as Newscaster and NewsBeef. The threat actor has been active since at least 2014 and it has targeted numerous entities in Iran, the U.S., Israel, the U.K. and other countries. Its attacks have often been aimed at individuals involved in academic research, human rights and the media.

The ClearSky report describes the group’s activities during 2016-2017, including the infrastructure used and a new piece of malware named DownPaper. It also details the connection between the individual accused of hacking HBO and Charming Kitten, and reveals the identities of two other alleged members of the group.
Behzad Mesri, also known as Skote Vahshat, was charged last month by U.S. prosecutors on seven counts related to hacking HBO, stealing scripts and other information on popular TV shows, and threatening to release the data unless the network paid $6 million in Bitcoin.
When they unsealed the indictment, authorities said Mesri had also launched cyberattacks on behalf of the Iranian military against military systems, nuclear software systems, and Israeli infrastructure. They also claimed he was a member of an Iran-based hacking group called Turk Black Hat, which conducts website defacements.
Collin Anderson, a researcher specializing in state-sponsored attacks, particularly ones attributed to Iran, was the first to point out that based on the information in the indictment, Mesri appeared to be a member of Charming Kitten.
ClearSky has also found connections between Mesri and Charming Kitten. One of the links is through “ArYaIeIrAN,” another member of Turk Black Hat. Email addresses associated with this individual have been used to register several Charming Kitten domains. The same email address also registered a domain for an Iranian hosting firm named MahanServer, which has hosted Charming Kitten infrastructure.
The CEO of this company appears to be one Mohammad Rasoul Akbari, and ArYaIeIrAN could be one Mohammadamin Keshvari, who is listed as MahanServer’s only other employee on LinkedIn. Akbari is linked to Mesri via their Facebook profiles.
“We estimate with medium certainty that the three are directly connected to Charming Kitten, and potentially, along with others – are Charming Kitten,” ClearSky wrote in its report.
In recent years, security researchers have linked several cyber espionage groups to Iran, including APT33, Rocket Kitten, Cobalt Gypsy (Magic Hound), and CopyKittens. There are many overlaps between these actors, both in terms of infrastructure and malware, which means the individuals identified by ClearSky could be part of other Iranian groups as well, not just Charming Kitten.