Iran

October 17, 2022

The Iranian Atomic Energy Organization (AEOI) has confirmed that one of its subsidiaries’ email servers was hacked after the ”Black Reward’ hacking group published stolen data online. AEOI says an unauthorized party from a specific foreign country, which is not named, stole emails from the hacked server, which consisted of daily correspondence and technical memos. The agency says it immediately took the necessary preventive measures to mitigate the results of this incident and informed all concerned parties and officials to be prepared for potential exploitation attempts.

The hacker group responsible for the attack calls itself ‘Black Reward’ and has leaked some of the stolen data on their Telegram channel. Black Reward posted a 27GB 14-part collection of RAR archives allegedly containing 85,000 email messages characterized as “perfect for researchers.” The hackers’ message is signed “For women, life, freedom,” giving the email server breach and data leak action the character of hacktivism.

January 1, 2010

WIZARD SPIDER is a sophisticated eCrime group that has been operating the Ryuk ransomware since August 2018, targeting large organizations for a high-ransom return. This methodology, known as “big game hunting,” signals a shift in operations for WIZARD SPIDER. This actor is a Russia-based criminal group known for the operation of the TrickBot banking malware that had focused primarily on wire fraud in the past.

March 18, 2010

Stuxnet reportedly compromised Iranian PLCs, collecting information on from the industrial systems then downloaded a configuration to the controllers that caused the fast-spinning Uranium enriching centrifuges to tear themselves apart. Stuxnet has 3 major components; A worm module, A link file and a rootkit module. The worm propagates across the network, scanning for Siemens Step7 software on computers controlling a PLC. In the absence of either criterion, Stuxnet becomes dormant inside the computer. If both the conditions are fulfilled, Stuxnet introduces the infected rootkit onto the PLC and Step7 software, modifying the code and giving unexpected commands to the PLC while returning a loop of normal operation system values back to the users. Iranian sources confirmed that the Stuxnet malworm shut down uranium enrichment at Natanz for a week from Nov. 16 to 22, 2010.