Wednesday, November 17, 2021

Lyceum is back! Targeting ISPs and other strategic targets 😡

Reports this week indicate that the notorious Iranian hacker group Lyceum has returned to chaos and this time mainly attacking Internet service providers and telecom companies in Morocco, Saudi Arabia, Israel and other companies in the wider Middle East including the African Ministry of foreign Affairs

The Lyceum group which was first discovered in 2017 and also known as Hexene has been identified as responsible for a number of cyberattacks in July and October 2021 according to information from Accenture Cyber ​​Threat (ACTI) and Prevailion's Adversarial counterintelligence groups (PACT). The main focus of the Lyceum Group is the implementation of computer network penetration events on a number of strategic target that are appropriate for the Iranian regime. It also now appears that they are expanding their reach to other targets even including places that are friendly to the Iran such as Tunisia.

                        Lyceum: Puppets of Regime!   

The hacker group appears to have stop used its famous Danbot .NET scripts and Powershell scripts to gain unauthorized access to the systems, and is now using a number of new technical techniques to do its evil work. Like the Base64-encoded Powershell scripts and new backdoors written in C++ which are new types of malware called James and Kevin. The group also relies on DNS tunneling which is an intrusion method for using DNS as a secret communication channel which is allowing the group to execute HTTP (S) commands using malicious C2 functionality. More scrutiny of source code also shows that Lyceum is also upgrading its backdoors to stay ahead of defense systems.

Lyceum is evil and guilty perpetrators of Iranian regime and seems to have continue committing ugly acts against other countries in the region regardless of whether they are friends or not. Please friends protect yourself against these types of attacks 🙏 by monitoring DNS traffic and being aware of suspicious domains and report them to threat information platforms.


Will this regime ever stop committing ugly acts in the region?? 😡😡


#cybercrime #cybersecurity #cybercrime #NET #Powershell #cyber #attack #C++ #HTTP #HTTPS #Morocco #SaudiArabia #Tunisa #Israel #Iran #IranianRegime #corrupt #evil   

By at
Labels: , , , , , , , , , , , , , , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)