Iranian hackers reportedly created a fake site in support of the Israeli hostages held by Hamas to carry out cyber attacks against Israeli targets, the Google-owned cybersecurity firm Mandiant announced on Wednesday.
According to Mandiant, the hacker group identified as UNC1546, or Tortoiseshell, is heavily linked to Iran’s Islamic Revolutionary Guard Corps (IRGC).
In its most recent activity, under the cover of the Bring Them Home Now movement, calling for the return of the hostages, the hackers spread malware entitled MINIBUS. Installing it triggered a decoy under the guise of an application related to the hostages.
Other methods used by the hackers
In an additional MINIBUS incident, a decoy was set via a quiz application.
The UNC1546 hackers also spread links with false job offers related to defense and tech positions, in which were malicious payloads.
According to the cybersecurity firm, as part of the hackers’ activity, the group also targeted Middle Eastern aerospace, aviation, and defense industries, according to the cybersecurity firm. It lists with certitude that Israel and the United Arab Emirates, with Turkey, India, and Albania being additional potential targets.