Iranian Hackers Allegedly Exploiting Israeli Entities

For the past year, Mandiant has been analyzing UNC3890, a group of hackers that uses social engineering lures and a possible watering hole to target Israeli maritime, government, energy, and healthcare institutions.

Given the group's major emphasis on shipping and the current maritime conflict between Iran and Israel, Mandiant estimates with a low degree of confidence that this actor is connected to Iran. Although experts believe this actor is primarily interested in gathering intelligence, the collected data is used to assist a range of actions, from hack-and-leak operations to enabling kinetic warfare strikes like those that have recently hit the maritime sector.

According to John Hultquist, vice president of threat intelligence at Mandiant, “the maritime industry or the global supply chain is highly vulnerable to disruption, especially in countries where a state of low-level conflict already exists.”

Luring method

Watering holes and data theft have been the primary entry points for UNC3890. The latter involved collecting passwords and sending phishing lures through the group’s C2 servers, which it disguised as reputable services.
The servers display false job offers, bogus advertising, and fake login pages for services like Office 365 and so

[…]

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
