Pay2Kitten – Fox Kitten 2

During the past four months a wave of cyber-attacks has been targeting Israeli companies. The attacks are conducted by different means and target a range of sectors. We estimate with medium to high confidence that Pay2Key is a new operation conducted by Fox Kitten, an Iranian APT group that began a new wave of attacks […]

Operation Quicksand

During September 2020, we identified a new campaign targeting many prominent Israeli organizations. The campaign was attributed to the Iranian threat actor ‘MuddyWater’ (also known as TEMP.Zagros, Static Kitten and Seedworm). MuddyWater was previously exposed as a contractor for the IRGC (Islamic Republic Guard Corps). ClearSky and Profero comprehensively researched this campaign. During the campaign, […]

The Kittens Are Back in Town 3

During 2017-2019, ClearSky published several reports about the Iranian APT group “Charming Kitten”. One of the group’s most common attack vectors is impersonating journalists, particularly those from the German “Deutsche Welle” broadcasting company and the “Jewish Journal” magazine. Starting July 2020, we have identified a new TTP of the group, impersonating “Deutsche Welle” and […]

Operation ‘Dream Job’ Widespread North Korean Espionage Campaign

During June-August of 2020, ClearSky’s analysis team investigated an offensive campaign attributed with high probability to North Korea, which we call “Dream Job”. This campaign has been active since the beginning of the year and, in our assessment, it succeeded in infecting several dozen companies and organizations in Israel and globally. Its main […]

CryptoCore Group

A Threat Actor Targeting Cryptocurrency Exchanges. In this research, we present a hidden and persistent group that has been targeting crypto-exchanges, mainly in the US and Japan, since as early as 2018. The actor has successfully stolen millions’ worth of cryptocoins. We named it “CryptoCore” (or “Crypto-gang”), also known as “Dangerous Password” and “Leery Turtle”. The CryptoCore […]

ClearSky Q1 summary report

We have published our quarterly report for the first quarter of 2020. We mark the outbreak of the COVID-19 virus as a systematic change for most businesses around the world. The immense pressure felt by many companies and organizations has the potential of evolving into “The perfect storm” in terms of ripe conditions for cyber-attacks, combining […]

Fox Kitten – Widespread Iranian Espionage-Offensive Campaign

During the last quarter of 2019, the ClearSky research team uncovered a widespread Iranian offensive campaign which we call “Fox Kitten Campaign”; this campaign has been conducted over the last three years against dozens of companies and organizations in Israel and around the world. Read the full Report: Fox Kitten – Widespread Iranian Espionage-Offensive Campaign […]

PowDesk: PowerShell Script for LANDesk Management Agent Hosts

PowDesk is a simple PowerShell-based script for hosts that run LANDesk Management Agent. This script is compatible with both 32-bit and 64-bit systems and exfiltrates the computer’s name through a PHP page stored at a certain domain name. After analyzing the script behavior, we assess that potential attackers might create a whitelist of companies that […]

The Kittens Are Back in Town 2 – Charming Kitten Campaign Keeps Going on, Using New Impersonation Methods

On the 15th of September 2019, we published a report[1] about a sharp increase in Charming Kitten attacks against researchers from the US, Middle East, and France, focusing on Iranian academic researchers and Iranian dissidents in the US. In our last report, we exposed a new cyber espionage campaign that was conducted in July 2019. […]

The Kittens Are Back in Town Charming Kitten – Campaign Against Academic Researchers

In 2019 ClearSky Cyber Security observed a sharp increase in Charming Kitten attacks, after an absence of a few months and after Microsoft’s official 2019 complaint against the group for “establishing an internet-based cybertheft operation referred to as ‘Phosphorus’”. Read the full report: The Kittens Are Back in Town Charming Kitten – Campaign Against Academic […]
