CVE-2024-43451: A New Zero-Day Vulnerability Exploited in the wild

A new zero-day vulnerability, CVE-2024-43451, was discovered by ClearSky Cyber Security in June 2024. This vulnerability affects Windows systems and is being actively exploited in attacks against Ukrainian entities. The vulnerability activates URL files containing malicious code through seemingly innocuous actions: The malicious URL files were disguised as academic certificates and were initially observed being […]

Read More

Fata Morgana: Watering hole attack on shipping and logistics websites

ClearSky Cyber Security has detected a watering hole attack on at least eight Israeli websites. The attack is highly likely to be orchestrated by a nation-state actor from Iran, with a low confidence specific attribution to Tortoiseshell (also called TA456 or Imperial Kitten). The Infected sites collect preliminary user information through a script. We have […]

Read More

Lyceum suicide drone

ClearSky discovered a new malware associated with the Iranian SiameseKitten (Lyceum) group withmedium-high confidence.The file is downloaded from a domain registered on June 6th, and it communicates with a previously unknown command and control server whose IP address is adjacent to that of the domain. This indicates an attacker-controlled at least two IP’s on the […]

Read More

New Iranian Espionage Campaign By “Siamesekitten” – Lyceum

At the beginning of May 2021, we detected the first attack by Siamesekitten on an IT company in Israel. Siamesekitten (also named Lyceum/Hexane) is an Iranian APT group active in the Middle east and in Africa that is active in launching supply chain attacks. To this end Siamesekitten established a large infrastructure that enabled them […]

Read More

Attributing CryptoCore Attacks Against Crypto Exchanges to LAZARUS (North Korea)

CryptoCore is an attack campaign against crypto-exchange companies that has been ongoing for three years and was discovered by ClearSky researchers. This cybercrime campaign is focused mainly on the theft of cryptocurrency wallets, and we estimate that the attackers have already made off with hundreds of millions of dollars. This campaign was also reported by […]

Read More

‘Lebanese Cedar’ APT

In early 2020, suspicious network activities and hacking tools were found in a range of companies. Comprehensive forensic research of the infected systems revealed a strong connection to a threat actor we call ‘Lebanese Cedar’, ‘Lebanese Cedar’ APT has been operating since 2012. These operations were first discovered by Check-Point researchers and Kaspersky labs in 2015. […]

Read More

Pay2Kitten – Fox Kitten 2

During the past four months a wave of cyber-attacks has been targeting Israeli companies. The attacks are conducted by different means and target a range of sectors. We estimate with medium to high confidence that Pay2Key is a new operation conducted by Fox Kitten, an  Iranian  APT group that began a new wave of attacks […]

Read More

Operation Quicksand

During September 2020, we identified a new campaign targeting many prominent Israeli organizations. The campaign was attributed to the Iranian threat actor ‘MuddyWater’ (also known as TEMP.Zagros, Static Kitten and Seedworm). MuddyWater was previously exposed as a contractor for the IRGC (Islamic Republic Guard Corps). ClearSky and Profero comprehensively researched this campaign. During the campaign, […]

Read More

Operation ‘Dream Job’ Widespread North Korean Espionage Campaign

During June-August of 2020, ClearSky’s analysis team had investigated an offensive campaign attributed with high probability to North Korea, which we call “Dream Job”. This campaign has been active since the beginning of the year and it succeeded, in our assessment, to infect several dozens of companies and organizations in Israel and globally. Its main […]

Read More