Threats Feed

Clearsky's "Thamar Reservoir" report details a sustained Iranian cyber-attack campaign targeting over 550 individuals, primarily in the Middle East. The attacks, which began in 2014, used a variety of techniques, including spear-phishing emails with malware, phone calls, and compromised websites to create fake login pages. The attackers were persistent but lacked technical sophistication and made mistakes that aided the investigation. The report concludes that the campaign's targets and methods strongly suggest Iranian state sponsorship, and links it to other known Iranian cyber operations.

This Trend Micro report details the activities of Rocket Kitten, a cyber threat group targeting Israeli and European organisations. The report focuses on two campaigns: a malware campaign using the GHOLE malware, possibly dating back to 2011, and a suspected state-sponsored operation, 'Operation Woolen-GoldFish', involving spear-phishing attacks. Analysis shows possible links to an individual using the alias "Wool3n.H4t", possibly Iranian, and highlights the group's increasing sophistication despite using relatively simple techniques such as macros. The overall aim is to inform readers of Rocket Kitten's methods and suspected politically motivated objectives, suggesting Iranian involvement.