Saturday, January 29, 2022

No new nuclear deal until Iran releases hostages: Iranian regime has no interest in releasing innocent people

JCPOA members 

The latest news from Vienna indicates that the US position is that there will be no new nuclear arrangement until the Iranian regime releases four American hostages. Iran says this will not happen 😤

U.S. Special Envoy for Iran Robert Malley states that even though the release of these four US hostages is a separate issue from the nuclear deal, it is unlikely that a new agreement to save the JCPOA will be reached without these four innocent hostages being released. Saeed Khatibzadeh, the Iranian Foreign Ministry spokesman, states that "Iran has never accepted any preconditions.... The U.S. official's comments on the release of U.S. prisoners in Iran are for domestic use". This indicates that the Iranian regime has no interest in releasing these hostages, who have been jailed on false charges, and that it is not serious about the nuclear deal negotiations.


U.S. Special Envoy for Iran Robert Malley and Iranian Foreign Ministry spokesman Saeed Khatibzadeh

It is time for the United States and the other member states of the nuclear agreement to withdraw from the Vienna talks. It is clear that the Iranian regime is not serious about the nuclear agreement and the JCPOA negotiations! At the same time, innocent people are rotting in Iranian prisons, and ordinary Iranians have no money for food! Really shocking situation!

Wednesday, January 26, 2022

Iranian regime meddling again! Meta/Facebook removes Iran-backed malicious accounts targeting the UK

Meta removed over 130 Iranian state-backed malicious accounts

Earlier this week, news broke that Meta had removed eight Facebook accounts and 126 Instagram accounts originating in Iran last month. These malicious accounts are believed to have been an attempt to spread misinformation and stir up anger over Scottish independence from the UK, as well as to escalate anger over the current corruption scandals surrounding British Prime Minister Boris Johnson.


Scottish Independence and British Prime Minister Boris Johnson 

This network was apparently easy to identify from the accounts themselves: they promoted popular hashtags supporting independence and the Boris Johnson scandals, but these were often misspelled and simple to spot. They also followed local UK football teams to make the accounts look like those of real locals. To look more realistic they used profile images generated with artificial intelligence techniques, or photos of British or Iraqi celebrities. Meta said in a statement that the people who ran these accounts appear to have a history of teaching English and may have been part of a similar operation in December 2020.
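The misspelled-hashtag tell described above is easy to turn into a triage rule. The following is an added example, not code from Meta or from this post's author: it scores each hashtag against a list of popular hashtags by edit distance and flags accounts that repeatedly post near-misses. The hashtag list and the posts are constructed for illustration and are not data from Meta's report.

```python
# Added example for this post: flag accounts whose hashtags are near-miss
# misspellings of popular campaign hashtags. The hashtag list and posts below
# are constructed for illustration, not data from Meta's report.

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance between two strings (classic DP, one row at a time)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


# Constructed list of hashtags an inauthentic network might try to ride on.
KNOWN_HASHTAGS = ["#scottishindependence", "#indyref2", "#borisjohnson", "#partygate"]

# Constructed (account, hashtag) posts; these are not real accounts.
SAMPLE_POSTS = [
    ("acct_a", "#ScotishIndependence"),
    ("acct_a", "#IndyRef2"),
    ("acct_a", "#BorisJonson"),
    ("acct_b", "#PartyGate"),
    ("acct_b", "#ScottishIndependence"),
    ("acct_c", "#indyref"),
    ("acct_c", "#glasgowfootball"),
]


def nearest_known(tag: str, known):
    """Return (known_tag, distance) for the closest known hashtag (case-insensitive)."""
    tag = tag.lower()
    return min(((k, edit_distance(tag, k)) for k in known), key=lambda kv: kv[1])


def find_near_misses(posts, known=KNOWN_HASHTAGS, max_dist=2):
    """Map account -> list of (hashtag, nearest_known, distance) for hashtags that
    are close to, but not exactly, a known hashtag. Exact matches are ignored."""
    hits = {}
    for account, tag in posts:
        k, d = nearest_known(tag, known)
        if 0 < d <= max_dist:
            hits.setdefault(account, []).append((tag, k, d))
    return hits


def suspect_accounts(posts, known=KNOWN_HASHTAGS, max_dist=2, min_hits=2):
    """Accounts with at least min_hits near-miss hashtags: one typo is human,
    a pattern of them across an account is a signal worth a manual look."""
    hits = find_near_misses(posts, known, max_dist)
    return sorted(a for a, lst in hits.items() if len(lst) >= min_hits)


if __name__ == "__main__":
    for account, lst in find_near_misses(SAMPLE_POSTS).items():
        for tag, k, d in lst:
            print(f"{account}: {tag} ~ {k} (distance {d})")
    print("suspects:", suspect_accounts(SAMPLE_POSTS))
```

The threshold of two near-misses per account is an assumption; on a real dataset you would tune it against known-benign accounts, since genuine supporters also mistype hashtags.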

This corrupt regime cannot stop interfering in the affairs of other countries, even though there are so many problems inside Iran itself !! 😡😡

Friday, January 21, 2022

Iranian government to allow cryptocurrency to be used as legal tender in international transactions, which is a clear violation of sanctions



There have been several reports over the last few days from news agencies such as Tahlil Bazaar that the Iranian government is going to allow cryptocurrencies such as Bitcoin (BTC) and Ethereum (ETH) to be used in international transactions, which would be a clear breach of the sanctions placed on the regime.

Alireza Peyman-Pak, head of the Trade Promotion Organization of Iran, says the move to allow cryptocurrency for international transactions will provide new opportunities for importers and exporters. He says an agreement on using cryptocurrency has already been reached with the Central Bank of Iran and everything should be confirmed within weeks. He also says that if Iran did not use cryptocurrency it would lose out on trade with big markets such as India, Russia and China.

Alireza Peyman-Pak

What Alireza Peyman-Pak did not say is that, because the rial is so weak and trade is so restricted by sanctions, entering the unregulated cryptocurrency space will allow the Iranian regime to carry out illegal deals and money transfers with ease. They will be rubbing shoulders with criminals!

Is this really the image of Iran that the Iranian government wants to project to the rest of the world???

Saturday, January 15, 2022

Revealed: Iranian state hackers APT35 AKA Charming Kitten using very poor operational security to exploit the Log4j vulnerability and release a new PowerShell module



It has been reported by Check Point Research that the Iranian state-sponsored group Charming Kitten AKA APT35 has been attempting to exploit the Log4j vulnerability (Log4Shell) on public-facing systems, but their attempts have been sloppy and have led to easy detection. APT35 used the open-source JNDIExploit tool: the attacker sends a JNDI lookup string in an HTTP request header, the vulnerable Log4j instance resolves it against an attacker-controlled server, which returns a malicious Java class, and that class in turn downloads a PowerShell module called CharmPower from an Amazon S3 URL.



Source code of the CharmPower PowerShell module

Once the CharmPower module is implanted on the victim's machine it can do many things. It checks that a network connection exists and collects basic system information. It can also retrieve further PowerShell modules from the C2 server and execute them, which means screenshots can be taken from the victim's machine and running processes can be enumerated, with the results and logs sent back to the remote server.

Normally with this type of attack it is very difficult to attribute the activity to a group, but Charming Kitten are well known for very poor operational security, and they reused code from a previous campaign here, which makes attribution easy. What amateurs!! 😂😂

It is clear that this is just the start of Iranian regime hackers using the Log4j vulnerability for their evil ways. Please friends, update your systems to the latest patch and stay alert for the new PowerShell script CharmPower. I will continue to investigate!!

Tuesday, January 11, 2022

Iranian APT group ITG17 AKA MuddyWater using a PowerShell backdoor to abuse Slack as a C2 channel


IBM Security X-Force reports that the Iranian government actor MuddyWater used a PowerShell backdoor known as Aclip that abuses Slack as a covert C2 channel in attacks against airlines. It turned out that these attackers were using free Slack workspaces to hide their malicious traffic among legitimate Slack traffic while running C2 against the airline's systems.

IBM X-Force traces this activity back to October 2019, when the Aclip backdoor was first deployed. Aclip carries out its command and control over the Slack API, using it both to receive commands and to send data back.


Diagram of Aclip Backdoor execution 

Aclip is launched via the aclip.bat file and then collects the victim's hostname, username and external IP address, which it sends base64-encoded. On command from the C2, screenshots are taken with PowerShell and saved in the %TEMP% folder. The C2 server observed was 46.166.176[.]210.
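The detection angle here is not Slack itself but who is talking to its API. The following is an added example for this post (not IBM's code and not the Aclip backdoor): it runs over constructed EDR-style network events and raises an alert when a scripting host such as powershell.exe calls the Slack Web API, when an unexpected process does, or when any process reaches the C2 address named above. The event field names and the process allow-list are my own assumptions, not a vendor schema, and the non-C2 destination addresses are documentation addresses.

```python
# Added example for this post: flag Slack Web API use that does not look like a
# human Slack client, plus hits on the C2 address IBM named. The events are
# constructed EDR-style network records; the field names and allow-lists are
# assumptions for this example, not any vendor's schema.
from urllib.parse import urlparse

# Scripting hosts that have no business talking to the Slack Web API directly.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                "cscript.exe", "mshta.exe", "rundll32.exe", "regsvr32.exe"}
# Processes expected to use Slack's API in a normal corporate estate (assumed allow-list).
SLACK_CLIENTS = {"slack.exe", "chrome.exe", "msedge.exe", "firefox.exe"}
# IOC from the IBM X-Force report quoted in this post.
KNOWN_C2_IPS = {"46.166.176.210"}

# Constructed events; 203.0.113.0/24 is a documentation range.
SAMPLE_EVENTS = [
    {"host": "ws01", "process": "slack.exe", "dest_ip": "203.0.113.10",
     "url": "https://slack.com/api/conversations.history"},
    {"host": "ws02", "process": "powershell.exe", "dest_ip": "203.0.113.10",
     "url": "https://slack.com/api/chat.postMessage"},
    {"host": "ws02", "process": "powershell.exe", "dest_ip": "203.0.113.10",
     "url": "https://slack.com/api/files.upload"},
    {"host": "ws03", "process": "chrome.exe", "dest_ip": "46.166.176.210",
     "url": "http://46.166.176.210/"},
    {"host": "ws04", "process": "outlook.exe", "dest_ip": "203.0.113.20",
     "url": "https://outlook.office365.com/"},
    {"host": "ws05", "process": "python.exe", "dest_ip": "203.0.113.10",
     "url": "https://slack.com/api/auth.test"},
]


def is_slack_api(url: str) -> bool:
    """True for calls to Slack's Web API (slack.com/api/<method>)."""
    u = urlparse(url)
    return u.hostname == "slack.com" and u.path.startswith("/api/")


def analyze(events):
    """Return a list of alerts; each alert names the rule and carries the event."""
    alerts = []
    for ev in events:
        if ev["dest_ip"] in KNOWN_C2_IPS:
            alerts.append({"rule": "known_c2_ip", **ev})
            continue
        if is_slack_api(ev["url"]):
            proc = ev["process"].lower()
            if proc in SCRIPT_HOSTS:
                alerts.append({"rule": "script_host_slack_api", **ev})
            elif proc not in SLACK_CLIENTS:
                alerts.append({"rule": "unexpected_process_slack_api", **ev})
    return alerts


def endpoints_used(events):
    """Slack API methods seen per host: a quick triage pivot, since a host that
    both posts messages and uploads files from a script is exfiltrating."""
    out = {}
    for ev in events:
        if is_slack_api(ev["url"]):
            method = urlparse(ev["url"]).path[len("/api/"):]
            out.setdefault(ev["host"], set()).add(method)
    return out


if __name__ == "__main__":
    for alert in analyze(SAMPLE_EVENTS):
        print(alert["rule"], alert["host"], alert["process"], alert["url"])
    print(endpoints_used(SAMPLE_EVENTS))
```

The weakness of this approach is that it needs process attribution on the network event (EDR or a proxy that logs the client process); from pure NetFlow, traffic to slack.com from a workstation is indistinguishable from the real thing, which is exactly why MuddyWater chose it.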

After IBM X-Force reported the intrusion, Slack removed the free workspaces used by the backdoor, but it is clear that MuddyWater will continue to abuse legitimate services for C2 for malicious gain. They must be stopped !! 😡😡

Wednesday, January 5, 2022

Iranian hackers "Shia Eagle" hack the Jerusalem Post and Maariv Online on the anniversary of Soleimani's death ⚰️

On Monday it was revealed that the Israeli newspapers the Jerusalem Post and Maariv Online had been hacked, exactly two years after Soleimani's death. Both newspaper websites were defaced with a threatening image claiming revenge for Soleimani's death. The image shows the Dimona nuclear facility in Israel being destroyed by a rocket fired from a hand that closely resembles Soleimani's.


Image that was displayed on the hacked websites after the attack

No hacker group inside Iran has officially claimed responsibility for the attack, but a Twitter account called @shiaeagle posted several tweets at the time of the attack that strongly implied responsibility. Twitter has since suspended the account.



Shia Eagle Twitter account, which is now suspended

It is clear that in 2022 this cyber war between Israel and Iran shows no sign of stopping.😢 This cyber attack could also be a statement by this corrupt Iranian regime that its nuclear program is running at full speed, and could be used as another negotiating tactic in the JCPOA Vienna talks. Very sad!!!! 😭