Lord Nemesis Targets Israeli Academia in Sophisticated Supply Chain Attack
- Actor Motivations: Exfiltration, Sabotage
- Attack Vectors: Compromised Credentials, Supply Chain Compromise
- Attack Complexity: High
- Threat Risk: High Impact/High Probability
Threat Overview
The Iranian hacktivist group Lord Nemesis, also known as 'Nemesis Kitten,' targeted the Israeli academic sector via a supply chain attack on Rashim Software, a provider of academic administration and training software. They breached Rashim's infrastructure and accessed its clients, including numerous academic institutions, by using stolen credentials and exploiting admin accounts on customer systems. This allowed them to extract sensitive data, circumvent multi-factor authentication, and instill fear by releasing findings and sending ominous warnings. The attack highlights the significant risks posed by third-party vendors and demonstrates the group's sophisticated planning and understanding of targeted IT environments.
Detected Targets
Type | Description | Confidence |
---|---|---|
Case | Rashim Software: Founded in 1988, Rashim Software LTD is the leading company in Israel in the field of software solutions for academic administration and training management. Lord Nemesis targeted Rashim Software as its main target. | Verified |
Sector | Information Technology | Verified |
Sector | Education | Verified |
Region | Israel | Verified |
Extracted IOCs
- 195[.]20.17.128
- 195[.]20.17.171
- 45[.]150.108.242
Tip: 3 IOCs related to this threat have been found (3 IP, 0 domain, 0 URL, 0 email, 0 file hash).