“Sand swamp” is the name of the Iranian cyber attack that aimed to sabotage the infrastructure of vital Israeli institutions last September.
The IranWire website, run by British-based opposition journalists, said in a report on Thursday that the Israeli company ClearSky, one of the leading companies in the field of cybersecurity, has published, in cooperation with its counterpart Profero, details about the Iranian cyberattack.
The report says that a group of hackers calling themselves MuddyWater (or “cloudy water”), which had close ties to the Iranian Revolutionary Guard, carried out the cyberattack against vital Israeli institutions last month.
According to experts from the two companies, the “sand swamp” attack shows that the Republic of Iran has launched a new round of cyberattacks using new methods and tools against Israel.
The report noted that although the identities of members of the hacker group “MuddyWater” have yet to be revealed, the group’s approach is similar to this summer’s attacks on some Middle Eastern countries and South Africa, including attacks on facilities of the Israel Water Corporation.
IranWire stated that the 2012 attack by the same group on the Aramco oil facility in Saudi Arabia, known as “Shamoon”, is very similar to the “sand swamp” operation.
The “MuddyWater” group used two methods to attack vital institutions in Israel. The first is “phishing”: sending files in “Excel” or “PDF” format by email, which automatically download a copy of the ransomware known as “Thanos” to the victim’s computer as soon as the sent files are opened.
The “Thanos” malware aims to disrupt computer startup; in June and July this year, many companies in the Middle East and North Africa were extorted by hackers using this ransomware.
The second method used by the Iranian hackers to damage Israeli institutions was based on downloading malicious software through a vulnerability in computers that allows their data to be encrypted and interrupts their work, but the experts from the companies ClearSky and Profero managed to deal with it.
The report noted that the “MuddyWater” hacker group used both methods to hide the party behind the attacks and its targets, which aimed to destroy the infrastructure of Israeli economic institutions.
It is worth noting that the word “covic” appeared in the hackers’ executable code, which may be inspired by the word “Covid-19” or the novel coronavirus.
If this hypothesis is correct, it is possible that the “MuddyWater” hacker group developed the “Thanos” malware for its own purposes.
Microsoft revealed in its Digital Defense report, issued last September, that the MuddyWater group is one of the contractors under the leadership of the Iranian Revolutionary Guard.
Microsoft suggested that this group carried out 10% of all attacks on international organizations and 7% of all attacks on technology companies during the current year.
For its part, the cybersecurity company Symantec said in its 2018 report that 131 people and 30 companies in different parts of the world had been attacked by the MuddyWater group.
The report speculated that this group works for a company called “Rana”, affiliated with the Iranian Ministry of Intelligence and known as the Rana Institute, which is included in the US sanctions list.
On September 17, the United States Department of the Treasury placed the Iranian company “Rana” and 45 of its employees on its sanctions list due to their participation in cyberattacks, privacy violations, the crackdown on Iranians, and the theft of information and intellectual property.
Tel Aviv believes that the policies of expanding regional influence, the development of a missile program and Iran’s efforts to obtain an atomic bomb pose a serious threat to it, the region and the world, according to Al-Ain News.