Cybersecurity experts reported the successful exposure of a potentially devastating cyber-attack against Israel by a suspected Iranian adversary. Fortunately, its discovery averted a significant disruption to prominent business entities in that country. However, the researchers believe they only prevented the immediate damage the malware was about to cause; it is suspected that the same malware has already been victimizing many businesses in the Arab region and other organizations in different locations worldwide.
Tagged as ‘Operation Quicksand,’ the campaign is confirmed to be only a portion of a larger operation known as ‘MuddyWater.’ This operation is suspected to be led by the Islamic Revolutionary Guard Corps (IRGC), a state-backed threat actor of the Iranian government. The IRGC has already been labeled a terrorist group by the Israeli and United States governments.
Their investigation confirmed that Iran is involved in a series of cyber-attacks that include surveillance of high-ranking military personnel and organizations in Israel.
An in-depth analysis confirmed that the IRGC’s infection method was a spear-phishing email with a relevant or enticing subject, luring the victim into opening the fraudulent message and its attachment, which contains the malware. Once the malicious code runs on the machine, it stages a segmented download of the Thanos ransomware onto the victim machine to avoid security detection. The attack succeeded through the exploitation of CVE-2020-0688, a Microsoft Exchange validation-key vulnerability. After the full application has been transferred onto the targeted system, its self-extraction feature executes and the infestation continues across the network under the supervision of the adversary’s remote command and control.
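The Exchange step of this chain leaves a recognizable trace in IIS logs. The script below is an added detection example, not code from the article or the researchers: it scans constructed W3C-format IIS log lines (the sample values, user names and addresses are made up) for authenticated requests to the ECP application that carry ASP.NET ViewState in the URL query string, which matches public descriptions of how CVE-2020-0688 is triggered.

```python
from urllib.parse import parse_qs

# Constructed sample in IIS W3C format (not taken from the article). The last
# line mimics the shape of a CVE-2020-0688 exploitation attempt: an authenticated
# request to the ECP page that carries ASP.NET ViewState in the URL query.
# User-agent values are kept free of spaces so a whitespace split is sufficient.
SAMPLE_LOG = """#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2020-10-01 08:00:01 10.0.0.5 GET /owa/auth/logon.aspx - 443 - 203.0.113.7 Mozilla/5.0 200
2020-10-01 08:00:09 10.0.0.5 POST /ecp/default.aspx - 443 example\\jdoe 203.0.113.7 Mozilla/5.0 200
2020-10-01 08:00:12 10.0.0.5 GET /ecp/default.aspx __VIEWSTATEGENERATOR=PLACEHOLDER&__VIEWSTATE=%2FwEy... 443 example\\jdoe 203.0.113.7 python-requests/2.24 500
"""


def parse_w3c(log_text):
    """Yield one dict per request line, using the #Fields header for column names."""
    fields = None
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if line.startswith("#") or not line.strip():
            continue
        values = line.split()
        if fields and len(values) == len(fields):
            yield dict(zip(fields, values))


def suspicious_ecp_requests(log_text):
    """Return ECP requests whose query string carries __VIEWSTATE.

    Legitimate ECP pages post ViewState in the request body; ViewState arriving
    in the URL of an authenticated request is worth an analyst's review. It is a
    lead, not proof of compromise: a patched server returns an error instead.
    """
    hits = []
    for rec in parse_w3c(log_text):
        stem = rec.get("cs-uri-stem", "").lower()
        query = rec.get("cs-uri-query", "-")
        if not stem.startswith("/ecp/") or query == "-":
            continue
        params = parse_qs(query, keep_blank_values=True)
        if any(k.upper() == "__VIEWSTATE" for k in params):
            keys = ("date", "time", "cs-username", "c-ip", "cs-uri-stem", "sc-status")
            hits.append({k: rec[k] for k in keys})
    return hits


if __name__ == "__main__":
    for hit in suspicious_ecp_requests(SAMPLE_LOG):
        print("review:", hit)
```

Run it against a real log directory by replacing SAMPLE_LOG with the file contents; the #Fields header is read from the log itself, so column order does not matter.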
Rumors circulated that this ransomware attack from Iran was an act of retaliation and preparedness by the government amid the current tensions between Iran and the joint forces of Israel and the US. Iran’s list of grievances includes the death of an Iranian general killed by a US airstrike early this year, which provoked outrage and threats from Iran. A further contributing event was the offensive step in May targeting Iran’s Bandar Abbas port. That attack on Iran was allegedly intended to stop Iran from using the port for military aggression and as a hub for supporting other known terrorist groups in the Arab region.
The cyberwar between Iran and the joint US-Israel alliance has been ongoing since 2018. Notable attacks have been reported as moves by each party to gain an advantage in the current situation. As a result, each side has drawn up mitigation plans, proactively strengthening its intelligence and security to pre-empt possible attacks while conducting offensive reconnaissance.
The world is watching the growing tension in the Middle East. Now that the UN has not renewed the embargo on Iran, observers suspect and expect a more aggressive and lethal assault to be launched by Iran, whether by conventional force or cyberattack. This tension is likely to escalate and persist as each party strives to retaliate once an attack has been exposed, becoming an endless cycle.