Iranian government-sponsored hackers deploy massive ransomware campaign

A recent security report states that the Iranian government is behind an ambitious ransomware campaign deployed through an Asian-based contracting company. According to Flashpoint experts, Iran’s Islamic Revolutionary Guard Corps (IRGC) is operating this campaign through a company called Emen Net Pasagard.

This campaign, identified as “Project Signal”, reportedly started in mid-2020 with the identification of certain websites as potential cyberattack targets. Flashpoint experts state that the group's motivations are purely financial, and they also describe the hackers' working methods, including the use of Bitcoin and the leaking of compromised information.

SOURCE: Flashpoint

However, the investigators were unable to confirm whether the attacks occurred exactly as described in the hackers' documents, or whether the targets mentioned above were actually compromised, although some things are known about the aforementioned contracting company: “ENP operates on behalf of Iranian intelligence services, including the Ministry of Intelligence and Security and Quds forces,” the experts say.

Another theory put forward by the researchers is that the hackers are simply mimicking the tactics and procedures of certain ransomware groups, either to hinder detection or to lead researchers to mistakenly attribute these attacks to better-known hacking groups.

The detection of this campaign coincides with the launch of “Pay2Key”, an attack project that affected dozens of Israel-based companies. Subsequent investigations indicate that the attack was reportedly deployed by a hacking group identified as Fox Kitten, although the possibility of a link between the two campaigns has not been mentioned.

Other major investigations have focused on the activities of Iran-based, government-sponsored hacking groups. Previously, the cybersecurity community warned of a hacking group identified as OilRig, which had a huge arsenal of cyber weapons at its disposal; that report also included a list of at least 66 potential attack targets around the world.

This news also comes at the time of the launch of the Ransomware Task Force, a joint effort by multiple technology companies and government organizations to curb the growing activity of ransomware operator groups by publishing updated information and issuing guidelines for preventing and, where appropriate, responding to these attacks.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.