Iran Probe

Iranian Hackers Abuse Slack For Cyber Spying

December 16, 2021
in Fake News

IBM researchers claim an Iranian-linked crew called MuddyWater has been trying to avoid detection by using Slack to control their malware. It’s believed to be the first time a suspected state-backed hacking outfit has been seen using such a technique.

Forbes

Back in March, hackers believed to be Iranian cyberspies found a novel use for the workplace messaging app Slack. They’d broken into an Asian airline and installed a backdoor. To hide their communications with that malware, they hooked into the Slack application and sent commands over the tool. Why? So that IT security systems would think it is legitimate traffic and it wouldn’t be detected or blocked.

That’s according to IBM, which is releasing research this Wednesday on that hacking crew, dubbed MuddyWater. The tech giant’s X-Force cybersecurity research division said it looked at MuddyWater’s backdoor, dubbed Aclip, finding it was using Slack application programming interfaces for comms. Such APIs set up the rules needed to combine other apps, such as plugging a social channel’s posts to a Slack group. The MuddyWater group created a Slack workspace and channels from which they could receive system information, such as requested files and screenshots that they were trying to syphon off the network. They could also use the Slack channels to post commands to the backdoor.

As for what they were trying to do, IBM found evidence the airline’s passenger data was targeted, finding one of the attackers’ servers containing files with names including “reservation management.” The use of Slack was part of a patient operation, in which the hackers were on the airline’s network for over a year and a half, according to IBM.

Slack hadn’t responded to a Forbes request for comment but had told IBM: “We investigated and immediately shut down the reported Slack Workspaces as a violation of our terms of service. We confirmed that Slack was not compromised in any way as part of this incident, and no Slack customer data was exposed or at risk. We are committed to preventing the misuse of our platform and we take action against anyone who violates our terms of service.”

While this appears to be the first nation state-affiliated use of Slack for such espionage operations, it is not the first time the app has been used for backdoor communications. In 2018, one dubbed SlackShell was discovered and the next year two more appeared.

Nick Rossmann, global threat intelligence lead at IBM X-Force, said that Slack wasn’t in any way compromised; it simply aided the digital spies “in prolonging the stealth of their operation.”

“While the technique is not new, X-Force does not frequently see threat actors leveraging Slack for [command and control] communication,” Rossmann told Forbes.

“For organizations that heavily use Slack, it may be difficult for them to distinguish legitimate Slack network traffic with network traffic generated by this backdoor, which is why we wanted to raise awareness of this tool.

“We aren’t aware of other nation states using it, but it’s possible. Many groups have used the ‘technique’ of leveraging legitimate platforms, like GitHub, Twitter, cloud storage services like OneDrive, or cloud infrastructure.”

Rossmann said the incident was a good reminder that organizations needed to more thoroughly scrutinize their use of tools like Slack for any possible malicious traffic. “The industry is past trying to stop adversaries from getting in, it’s about how quickly you stop them from getting to your data and how quickly you get them out,” he added.
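
One way to apply that scrutiny, shown as an added example that is not part of the original article or of IBM's research: a triage pass over endpoint network telemetry that flags Slack Web API calls made by processes other than an approved Slack client. The log format, host and process names, and the allowlist are constructed assumptions; the method names are Slack's public Web API methods.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Assumption: processes allowed to talk to Slack in this environment.
APPROVED_CLIENTS = {"slack.exe", "chrome.exe", "msedge.exe"}
# Slack Web API methods that read a channel or push data into one.
READ_METHODS = {"conversations.history"}
WRITE_METHODS = {"chat.postMessage", "files.upload"}

# Constructed sample telemetry: time, host, process, HTTP verb, URL, bytes sent.
SAMPLE_LOG = """\
2021-03-02T09:00:01Z WS-014 slack.exe POST https://slack.com/api/chat.postMessage 412
2021-03-02T09:00:05Z WS-014 chrome.exe GET https://app.slack.com/client/T000/C000 0
2021-03-02T09:01:10Z SRV-07 powershell.exe POST https://slack.com/api/conversations.history 96
2021-03-02T09:01:12Z SRV-07 powershell.exe POST https://slack.com/api/chat.postMessage 2048
2021-03-02T09:01:40Z SRV-07 powershell.exe POST https://slack.com/api/files.upload 733184
2021-03-02T09:03:00Z WS-022 curl.exe GET https://slack.com/api/api.test 0
"""

def is_slack_host(hostname):
    """True for slack.com and its subdomains, not look-alikes such as notslack.com."""
    hostname = (hostname or "").lower().rstrip(".")
    return hostname == "slack.com" or hostname.endswith(".slack.com")

def find_unapproved_slack_clients(log_text, approved=APPROVED_CLIENTS):
    """Group Slack traffic from unapproved processes by (host, process)."""
    findings = defaultdict(lambda: {"methods": set(), "bytes_out": 0})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # skip malformed lines rather than guessing
        _, host, process, _, url, bytes_out = fields
        parts = urlsplit(url)
        if not is_slack_host(parts.hostname) or process.lower() in approved:
            continue
        entry = findings[(host, process)]
        if parts.path.startswith("/api/"):
            entry["methods"].add(parts.path[len("/api/"):])
        entry["bytes_out"] += int(bytes_out)
    return dict(findings)

def severity(entry):
    """High when one process both polls a channel and writes into one."""
    m = entry["methods"]
    return "high" if m & READ_METHODS and m & WRITE_METHODS else "review"

if __name__ == "__main__":
    for (host, proc), e in sorted(find_unapproved_slack_clients(SAMPLE_LOG).items()):
        print(host, proc, severity(e), sorted(e["methods"]), e["bytes_out"])
```

The process-to-destination pairing is what makes this workable: destination alone cannot separate the two kinds of traffic, so the telemetry has to come from an endpoint agent or an authenticating proxy that records the calling process.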

It was also a sign of Iran’s growing sophistication in cyber espionage, he said. “Iran’s a savvy cyber operator, and though its cyber operations are often compared to capabilities from Russia and China, it would be a mistake to underestimate Iranian-sponsored adversaries’ growth.”

MuddyWater, for instance, has previously been linked to ransomware attacks, and in recent years Iran has shown a penchant for using social networks like Facebook and LinkedIn to try to develop relationships with U.S. government targets to gather data from them and to try to infect their employers’ networks. Iranian hackers have also been accused of trying to infiltrate water supply networks in Israel, and in November, two were charged with a disinformation and hacking operation trying to influence the 2020 election.

And on Tuesday, cybersecurity company Mandiant claimed that Iranian hackers, alongside Chinese espionage actors, have been launching attacks via a widespread vulnerability in logging tool Log4j, which has affected many of the world’s biggest tech vendors, from Amazon to Cisco.
