Report: Iran hacks Israel in cyber attack

The group, dubbed "Leafminer," has attacked networks in Saudi Arabia, the UAE, Qatar, Kuwait, Bahrain, Egypt, Israel and Afghanistan, according to a report issued by US cyber security firm Symantec.

By SANDEEP SINGH GREWAL/GULF DAILY NEWS
August 2, 2018 09:12
3 minute read.
Hacker

Hacker. (photo credit: INGIMAGE / ASAP)

 
X

Dear Reader,
As you can imagine, more people are reading The Jerusalem Post than ever before. Nevertheless, traditional business models are no longer sustainable and high-quality publications, like ours, are being forced to look for new ways to keep going. Unlike many other news organizations, we have not put up a paywall. We want to keep our journalism open and accessible and be able to keep providing you with news and analyses from the frontlines of Israel, the Middle East and the Jewish World.

As one of our loyal readers, we ask you to be our partner.

For $5 a month you will receive access to the following:

  • A user experience almost completely free of ads
  • Access to our Premium Section
  • Content from the award-winning Jerusalem Report and our monthly magazine to learn Hebrew - Ivrit
  • A brand new ePaper featuring the daily newspaper as it appears in print in Israel

Help us grow and continue telling Israel’s story to the world.

Thank you,

Ronit Hasin-Hochman, CEO, Jerusalem Post Group
Yaakov Katz, Editor-in-Chief

UPGRADE YOUR JPOST EXPERIENCE FOR 5$ PER MONTH Show me later

Manama, Bahrain (Tribune News Service) - A group of “highly active” hackers based in Iran have been found to be trying to steal vital information from governments in the Middle East.

The group, dubbed "Leafminer," has attacked networks in Saudi Arabia, the UAE, Qatar, Kuwait, Bahrain, Egypt, Israel and Afghanistan, according to a report issued by US cyber security firm Symantec.

Be the first to know - Join our Facebook page.


However, an Information and eGovernment Authority (iGA) spokesman told the GDN yesterday “no indication was found up until now that Leafminer targeted the portal or any systems managed by IGA.”

The cyber espionage group’s targets includes the “energy, telecommunications, financial services, transportation and government” sectors.

Means of intrusion used to infiltrate target networks consisted of infecting malware on websites often visited by the users, also known as watering hole style attacks, and using brute-force login attempts, which features trying numerous passwords with the hope of eventually breaching the network.

“Symantec has uncovered the operations of a threat actor named Leafminer that is targeting a broad list of government organizations and business verticals in various regions in the Middle East,” stated a threat intelligence report by Symantec.

Operations reportedly began in early 2017 but has increased since the end of last year.

JPOST VIDEOS THAT MIGHT INTEREST YOU:


“Leafminer is a highly active group, responsible for targeting a range of organizations across the Middle East.

“The group appears to be based in Iran and seems to be eager to learn from, and capitalize on, tools and techniques used by more advanced threat actors.”

The report also said an investigation into Leafminer revealed a list, written in Farsi, of 809 systems targeted by the hackers.

“Targeted regions included in the list are Saudi Arabia, the UAE, Qatar, Kuwait, Bahrain, Egypt, Israel, and Afghanistan.”

The report said the attackers were looking for e-mail data, files and database servers on their target systems in financial, government, energy, airlines, construction, telecommunication and other sectors in the region.

Symantec said it was able to identify Leafminer after discovering a compromised web server that was used in several different attacks.

“It [the cyber espionage group] made a major blunder in leaving a staging server publicly accessible, exposing the group’s entire arsenal of tools.

“That one misstep provided us with a valuable trove of intelligence to help us better defend our customers against further Leafminer attacks.”

IGA said, in a statement to the GDN yesterday, that part of its job was to monitor any report issued by security vendors such as Symantec regarding any threat actors targeting the region.

“The team then conducts further investigation to look for any sign of indication related to the threat actors,” it said.

“If an indication is detected, the case is reported to IGA’s cybersecurity incident management team to take the needful action to approach the incident.

“With regards to the Leafminer cyber espionage group, no indication was found up till now that Leafminer targeted the portal or any systems managed by IGA.”

IGA officials previously said that around 27,000 attacks on government systems were managed last year, with majority of them originating from countries in the east, namely Iran.

Meanwhile, a spokesman from Bahrain-based security firm CTM360 said it was aware of Leafminer and urged companies and individuals to install anti-virus software as well as use complex passwords.

“Leafminer targeted government organizations and businesses in the Middle East by using the existing available threats out there,” said the spokesman.

“The group studied reports published by different security firms about malwares or threats, and fix the loopholes mentioned in those papers for an advanced malware attack.”

———

©2018 the Gulf Daily News (Manama, Bahrain). Distributed by Tribune Content Agency, LLC.

Join Jerusalem Post Premium Plus now for just $5 and upgrade your experience with an ads-free website and exclusive content. Click here>>

Related Content

September 25, 2018
Opening the TLV-Jerusalem rail: From anticipation to political opportunism

By JPOST EDITORIAL