2019 H1 Cyber Events Summary Report

We are happy to present our half-year report summarizing cyber events for the first half of 2019. This report provides an in-depth review of significant trends, as well as major attack events in the cyber landscape – a combined effort of our intelligence research, threat-hunting and analyst teams. Read the full report: 2019 H1 Cyber […]

Yemen-Based Disinformation Campaign Distributing Fake News in Israel and the Arab World

On July 25th, 2019, several social media profiles propagated fake news claiming that two famous Israeli women, Yona Elian and Roni Dalumi (an actor and a singer, respectively), had died. These accounts posted the story on Israeli media outlets' pages, as well as a number of Israeli social media groups, primarily on Facebook. Read the […]

Iranian APT group ‘MuddyWater’ Adds Exploits to Their Arsenal

In recent months, there has been considerable unrest in the Iranian cybersphere. Highly sensitive data about Iranian APT groups were leaked, exposing abilities, strategies, and attack tools. The main medium for this leak was a Telegram channel. The first leak uncovered attack frameworks and web shells of APT-34 (known as the OilRig group). This was followed […]

Iranian Nation-State APT Groups – “Rana Institute” Leak

Over the last few weeks, several significant leaks regarding a number of Iranian APTs took place. After analyzing and investigating the documents, we conclude that they are authentic. Consequently, this causes considerable harm to the groups and their operation. The identity of the actor behind the leak is currently unknown; however, based on the scope […]

Iranian APT MuddyWater Attack Infrastructure Targeting Kurdish Political Groups and Organizations in Turkey

In our ongoing investigations of Iranian APTs, we recently detected additional documents related to attack infrastructure previously used by the Iranian APT “MuddyWater”, which we reported on in late November 2018. As a reminder, we identified two domains that were hacked by the group and used to host the code of POWERSTATS; a malware […]

Year of the Dragon – Summary report of cyber events for 2018

We are happy to present our yearly summary report of cyber events for 2018. This report is a combined effort of our intelligence research, threat-hunting and analyst teams. One of the biggest challenges in cyber space is the overwhelming, and at times contradictory, amount of data we are confronted with on a daily basis. As […]

Global Iranian Disinformation Operation

Throughout 2018, ClearSky Cyber Security has uncovered several disinformation campaigns operated by Iran (as can be seen in the Ayatollah BBC report). Below, we provide an overview of a large-scale fake news infrastructure promoting Iranian global interests comprised of at least 98 fake media outlets; each with its own websites, social media accounts, and pages that […]

MuddyWater Operations in Lebanon and Oman

Abstract: MuddyWater is a high-profile Iranian threat actor that has been seen active since 2017. The group is known for espionage campaigns in the Middle East. Over the past year, we’ve seen the group extensively targeting a wide gamut of entities in various sectors, including Governments, Academy, Crypto-Currency, Telecommunications and the Oil sectors. MuddyWater has recently […]

Infrastructure and Samples of Hamas’ Android Malware Targeting Israeli Soldiers

Earlier today the Israel Defense Forces (IDF) uncovered a campaign they attribute to Hamas, in which fake Facebook profiles were used to lure soldiers to install Android malware. ClearSky has been monitoring this campaign and would like to share indicators related to it. We were unable to find technical similarities or infrastructure overlap with a known […]

Ayatollah BBC – An Iranian Disinformation Operation Against Western Media Outlets

Monitoring Iranian activity in cyberspace, we have uncovered an online propaganda-and-disinformation operation, containing dozens of websites that impersonate western media outlets. At the center of the operation is the BBC Persian website. We call this operation Ayatollah BBC. We estimate that the main objective of the operation is to undermine the credibility of western media […]
