Earlier this month, Microsoft deployed its Detection and Response Team (DART) to investigate the recent cyberattacks that struck Albania. Microsoft traced the attack to its source and discussed how to defend against future attacks of a similar nature.
On July 15, 2022, actors sponsored by the Iranian government launched a cyberattack on Albania. Alongside the attack, they leaked sensitive information they had captured months beforehand, using websites and social media to spread it.
The researchers identified several stages in the threat actors' campaign: initial intrusion, data exfiltration, data encryption and destruction, and information operations.
According to Microsoft, multiple Iranian actors participated in this attack, with different actors responsible for distinct phases, as listed below.
- DEV-0842 deployed the ransomware and wiper malware
- DEV-0861 gained initial access and exfiltrated data
- DEV-0166 exfiltrated data
- DEV-0133 probed victim infrastructure
Microsoft tracks emerging threats under a development designation such as DEV-00###. Once the activity meets certain criteria, it is assigned a named actor.
Microsoft detected linked activity indicating with moderate confidence that the actors involved in gaining initial access and exfiltrating data in this attack are linked to EUROPIUM. This group has been publicly connected with Iran's Ministry of Intelligence and Security (MOIS), and Microsoft has detected it through three separate signature clusters.