Iranian hackers used advanced malware to target Israeli, American companies

The report indicated that the threat from MalKamak is still active.

By Lauren Marcus, World Israel News

Hackers acting on behalf of Iran have been conducting intensive cyber espionage via stealth malware, focusing on Israeli, American, and European targets, according to a bombshell report from a cybersecurity company released Wednesday.

Tel Aviv-based firm Cybereason found that MalKamak, an Iranian-backed group, has been stealing sensitive data from what appear to be hand-picked targets since 2018.

“This is a very, very targeted type of attack,” Assaf Dahan, head of threat research at Cybereason, told ZDNet. “We’ve only managed to identify around 10 victims worldwide.”

Using a previously unknown remote access Trojan (RAT), named ShellClient, MalKamak penetrated the internal networks of aerospace and telecommunications companies.

“Once they’re in, they start conducting extensive reconnaissance of the network. They map out the important assets – the crown jewels they would go for, key servers such as the Active Directory, but also business servers that contain the type of information that they’re after,” Dahan explained.

Each year, MalKamak updated the malware to keep evading detection. Cybereason said that Israeli companies were among the victims of the long-running campaign and that it had notified the appropriate security officials.

“The most recent ShellClient versions observed…follow the trend of abusing cloud-based storage services, in this case the popular Dropbox service,” the report noted.
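The Dropbox detail points to a practical check for defenders: malware that uses a cloud storage API as its command channel has to poll that API, and polling on a timer shows up in proxy logs as unusually regular requests to the storage domain. The script below is an added example written for this page, not code from the Cybereason report and not a description of how ShellClient itself behaves; the proxy log layout, host names, and five-minute interval are constructed for illustration.

```python
"""Flag hosts that contact cloud-storage APIs at suspiciously regular intervals.

Added example, not from the Cybereason report. The log lines and their
layout ("<ISO timestamp> <src host> <dst host> <method> <path>") are
constructed for illustration and do not match any particular proxy.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Domains to watch; the two Dropbox API hosts are assumed here as an example.
CLOUD_STORAGE_DOMAINS = {
    "api.dropboxapi.com",
    "content.dropboxapi.com",
}

# Constructed sample log: ws-17 polls every ~5 minutes (low jitter),
# ws-04 uses Dropbox interactively, ws-09 never touches cloud storage,
# and one malformed line is included to show it is skipped.
SAMPLE_LOG = """\
2021-10-06T08:00:00 ws-17 content.dropboxapi.com POST /2/files/download
2021-10-06T08:05:01 ws-17 content.dropboxapi.com POST /2/files/download
2021-10-06T08:10:00 ws-17 content.dropboxapi.com POST /2/files/download
2021-10-06T08:15:02 ws-17 content.dropboxapi.com POST /2/files/download
2021-10-06T08:20:00 ws-17 content.dropboxapi.com POST /2/files/download
2021-10-06T08:25:01 ws-17 content.dropboxapi.com POST /2/files/download
2021-10-06T08:01:13 ws-04 content.dropboxapi.com POST /2/files/upload
2021-10-06T08:27:40 ws-04 api.dropboxapi.com POST /2/files/list_folder
2021-10-06T09:42:05 ws-04 content.dropboxapi.com POST /2/files/download
2021-10-06T11:03:59 ws-04 api.dropboxapi.com POST /2/files/list_folder
2021-10-06T08:02:00 ws-09 www.example.com GET /index.html
2021-10-06T08:07:00 ws-09 www.example.com GET /index.html
this line is garbage
"""


def parse_log(text):
    """Return a list of (timestamp, src, dst) tuples, skipping malformed lines."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        events.append((ts, parts[1], parts[2]))
    return events


def gaps_seconds(timestamps):
    """Inter-request gaps in seconds, in chronological order."""
    ts = sorted(timestamps)
    return [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]


def beacon_score(timestamps):
    """Coefficient of variation of the gaps; near 0 means a fixed timer.

    Returns None when there are too few requests to judge.
    """
    gaps = gaps_seconds(timestamps)
    if len(gaps) < 3:
        return None
    avg = mean(gaps)
    if avg <= 0:
        return None
    return pstdev(gaps) / avg


def find_beacons(events, min_requests=5, max_cv=0.1):
    """Return {src: (average gap in seconds, cv)} for hosts whose requests
    to any watched cloud-storage domain are both frequent and regular."""
    by_src = defaultdict(list)
    for ts, src, dst in events:
        if dst in CLOUD_STORAGE_DOMAINS:
            by_src[src].append(ts)
    flagged = {}
    for src, stamps in by_src.items():
        if len(stamps) < min_requests:
            continue
        cv = beacon_score(stamps)
        if cv is not None and cv <= max_cv:
            flagged[src] = (round(mean(gaps_seconds(stamps))), round(cv, 3))
    return flagged


if __name__ == "__main__":
    for src, (avg, cv) in find_beacons(parse_log(SAMPLE_LOG)).items():
        print(f"{src}: cloud-storage API polled every ~{avg}s (cv={cv})")
```

Only ws-17 is reported: its six requests are spaced 298 to 302 seconds apart, giving a coefficient of variation near zero, while ws-04's interactive use is both sparse and irregular. Tune `min_requests` and `max_cv` to the environment, and treat a hit as a lead for host triage rather than a verdict, since legitimate sync clients also poll on timers.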

Dahan said that hackers typically slip up once they ratchet up their efforts, and attributed the discovery to this phenomenon.

“According to what we’re seeing, in the last year, they picked up the pace. Sometimes when you’re faster you can be slightly sloppy or simply there’ll be more instances that would be detected,” he told ZDNet.

The report indicated that the threat from MalKamak is still active.

Cybereason hopes that the report will “inspire further research regarding…the newly identified MalKamak activity group, and that it will ultimately assist in shedding more light on this mysterious malware that was kept well-hidden for many years.”