Israeli Shipping, Logistics Companies Targeted in Watering Hole Attacks
Researchers say the Iranian nation-state actor known as Tortoiseshell could be behind the attacks.
May 24, 2023
At least eight Israeli websites have been targeted in a watering hole campaign that researchers say could be the work of an Iranian nation-state threat group.
The attack campaign, discovered by ClearSky Cyber Security, focuses on shipping and logistics companies. Once a site is infected, a malicious script collects preliminary user information.
ClearSky said it has "a low confidence specific attribution" to the Tortoiseshell group out of Iran. The targeting of shipping and logistics companies aligns with Iran's history of cyberattacks against that sector over the past three years.
"Previous Tortoiseshell attacks have been observed using both custom and off-the-shelf malware to target IT providers in Saudi Arabia in what appeared to be supply chain attacks with the end goal of compromising the IT providers' customers," the company claims. "The threat actor has been active since at least July 2018."
ClearSky tied the C&C server used in the attacks to Tortoiseshell.
Watering hole attacks have been among the initial access vectors Iranian threat actors have used most since at least 2017. ClearSky researchers observed four domains impersonating jQuery; domain names impersonating jQuery were also deployed in a previous Iranian watering hole campaign in 2017.
Iranian threat actors traditionally have targeted Israeli websites in an attempt to collect data on logistics companies associated with shipping and healthcare. This latest website attack spotted by ClearSky is similar to an effort observed last year, in which an Iranian threat actor named UNC3890 was targeting shipping companies in Israel via a similar type of attack.