Threats Feed | Lord Nemesis | Last Updated: 13/03/2024 | Author: Certfa Radar | Publish Date: 07/03/2024

Lord Nemesis Targets Israeli Academia in Sophisticated Supply Chain Attack

  • Actor Motivations: Exfiltration, Sabotage
  • Attack Vectors: Compromised Credentials, Supply Chain Compromise
  • Attack Complexity: High
  • Threat Risk: High Impact/High Probability

Threat Overview

The Iranian hacktivist group Lord Nemesis, also known as 'Nemesis Kitten,' targeted the Israeli academic sector via a supply chain attack on Rashim Software, a provider of academic administration and training software. They breached Rashim's infrastructure and accessed its clients, including numerous academic institutions, by using stolen credentials and exploiting admin accounts on customer systems. This allowed them to extract sensitive data, circumvent multi-factor authentication, and instill fear by releasing findings and sending ominous warnings. The attack highlights the significant risks posed by third-party vendors and demonstrates the group's sophisticated planning and understanding of targeted IT environments.

Detected Targets

Type | Description | Confidence
Case | Rashim Software: Founded in 1988, Rashim Software LTD is the leading company in Israel in the field of software solutions for academic administration and training management. Rashim Software was the primary target of Lord Nemesis. | Verified
Sector | Information Technology | Verified
Sector | Education | Verified
Region | Israel | Verified

Extracted IOCs

  • 195[.]20.17.128
  • 195[.]20.17.171
  • 45[.]150.108.242

Tip: 3 IOCs related to this threat have been found (3 IP, 0 domain, 0 URL, 0 email, 0 file hash).

About Affiliation
Lord Nemesis