Categories: Cyber Hacking News

Lebanese Cedar Targeted Telecoms, Hosting’s, ISPs Worldwide

 

A “persistent attacker group” with supposed connections to Hezbollah has retooled its malware arsenal with a new version of a remote access Trojan (RAT) to break into organizations worldwide and extract significant data. In another report published by the ClearSky research group on Thursday, the Israeli cybersecurity firm said it recognized at least 250 public-facing web servers since early 2020 that have been hacked by the threat actors to gather intelligence and take the organization’s databases. The coordinated intrusions hit a ton of organizations situated in the U.S., the U.K., Egypt, Jordan, Lebanon, Saudi Arabia, Israel, and the Palestinian Authority, with a majority of the victims representing telecom operators (Etisalat, Mobily, Vodafone Egypt), internet service providers (SaudiNet, TE Data), and facilitating and infrastructure service providers (Secured Servers LLC, iomart). 

Related Post
  1. Moroccan Islamic Union-Mail hacks 5 Italian Government websites
  2. Telecoms industry facing increased DDoS attacks, report warns
  3. Pakistani hacker group ‘Team MaXiMiZerS’ hacks India’s Kerala state Government websites
First documented in 2015, Volatile Cedar (or Lebanese Cedar) has been known to infiltrate an enormous number of targets utilizing different assault procedures, including a custom-made malware implant codenamed Explosive. Lebanese Cedar has been recently associated with Lebanese roots — explicitly Hezbollah’s cyber unit — regarding a cyber espionage campaign in 2015 that focused on military providers, telecom organizations, media outlets, and universities. 
The Lebanese Cedar hackers utilized open-source hacking tools to check the web for unpatched Atlassian and Oracle servers, at that point they utilized exploits to access the server and send a web shell to acquire traction in the target system. 
The assailants utilized basic 1-day vulnerabilities dependent on the vulnerable versions of the services in the undermined servers. Utilizing the three flaws in the servers (CVE-2019-3396, CVE-2019-11581, and CVE-2012-3152) as an attack vector to acquire underlying traction, the assailants at that point infused a web shell and a JSP file browser, the two of which were utilized to move laterally across the network, fetch additional malware, and download the Explosive RAT, which accompanies abilities to record keystrokes, capture screenshots, and executes arbitrary commands. 
ClearSky noticed that the group’s utilization of web shell as its essential hacking tool might have been instrumental in driving researchers to a “dead-end in terms of attribution.” “Lebanese Cedar has shifted its focus significantly. Initially, they attacked computers as an initial point of access, then progressed to the victim’s network then further progressing to targeting vulnerable, public-facing web servers,” the researchers said.

Click here for image source link and to read full Article

Read More on Cyber Hacking News

Leave a Comment
Leave a Comment
Share
Tags: CedarE Hacking News - Latest Hacker News and IT Security NewsE Hacking News - Latest Hacker News and IT Security News: Lebanese Cedar Targeted TelecomsHosting’sISPsISPs WorldwidelebaneseLebanese Cedar Targeted TelecomstargetedtelecomsWorldwide
3 years ago

Recent Posts

rewrite this tittle: Understanding Peer-to-Peer Crypto Trading: Benefits and Threats

Write a AI detection pass, persuasive, cickable, catchy, well structured and seo optimized article with… Read More

2 weeks ago

Human Art Will Become More Valuable with the Help of AI

AI Will Make Human Art More Valuable AI models are increasing in popularity and value… Read More

1 year ago

Report Claims UK Government to Restrict TikTok Usage on Smartphones

UK Set to Announce Ban on TikTok on Government Smartphones: Report Following in the footsteps… Read More

1 year ago

The Potential Impact of ChatGPT and Generative AI on Travel

How ChatGPT and Generative AI Could Change the Way We Travel The travel industry is… Read More

1 year ago

Unraveling the Enigma of Pluto: Is It a Dwarf Planet, Comet, or Asteroid? Uncover the Facts.

The curious case of Pluto! Is it a dwarf planet, comet or an asteroid? This… Read More

1 year ago

A LinkedIn Connection Request From a Spy

A Spy Wants to Connect with You on LinkedIn: How to Spot and Avoid Fake… Read More

1 year ago