Thursday, March 31, 2022

Australia PROMISES to retaliate against any cyber attack from Iran! 😲


Australia WILL RETALIATE against any cyber attack from Iran!

Earlier this week it was reported that Australia's defense minister, Peter Dutton, stated that any cyber attack that originates from the Iranian regime will be responded to by Australia "by an equal measure" 😮

Peter Dutton also says that officials in Australia are monitoring malicious cyber activity on a daily basis. Even though Australia has not been targeted for a month, Peter Dutton is concerned that Australia could become collateral damage in a cyber war between other countries. He gives the example of instances where Microsoft is hacked, like they were last week by Lapsus$. Hacks like this will also affect the Australian government and innocent Australian people. He also says that Australia would anticipate hacks from regimes like Iran ahead of time.



Microsoft was hacked by Lapsus$ last week

Australia works very closely with the United States and the UK and has just opened a new cyber security center in Australia's capital, Canberra, to monitor malicious cyber threats.

Cyber war is changing, especially with the Russian invasion of Ukraine. Cyber attacks can cause so much damage, such as loss of money or business collapse and, at the worst, injury or loss of life. 😢

Iran has been publicly named by Australia since 2017 as a country that has launched malicious cyber activities against Australia, and Australia will continue to publicly attribute attacks to Iran and expose them to deter the threat. The Iranian regime needs to change its ways!! 😤

Sunday, March 27, 2022

NEW RANSOMWARE detected! LokiLocker could originate from Iran!

 


New Ransomware LokiLocker!!! 

It has been reported by BlackBerry Threat Intelligence that a new Ransomware-as-a-Service program called LokiLocker has been identified! 😱

LokiLocker encrypts files and will render a machine unusable if the victim does not pay in time. LokiLocker is new ransomware targeting victims who use Windows OS. It also seems that LokiLocker is developed by an Iranian group called AccountCrack, and at least three of the known LokiLocker users use usernames that are only found on Iranian hacking channels. LokiLocker should not be mistaken for Locky or LokiBot, as it is a NEW ransomware program!



LokiLocker config source code 

LokiLocker malware appears to be written in .NET and protected with NETGuard using an additional virtualization plugin called KoiVM. The ransomware encrypts the victim's files on local drives and network shares with a standard combination of AES for file encryption and RSA for key protection. It then asks the victim to email the attackers to find out how to pay the ransom. LokiLocker also has wiper functionality: if the victim does not pay, all non-system files will be deleted and the MBR overwritten, wiping all of the victim's files and rendering the system unusable!


Could LokiLocker have been developed by Iran?? 

It appears that LokiLocker works as a service that is sold to a small number of hackers. It is not yet clear whether this means they originate from Iran or not, but all evidence seen so far points to the corrupt regime!

Saturday, March 19, 2022

Iran launches BRUTAL cyber attack on Israel!! 😲😲



Khamenei loves DDoS attacks as much as me loves spreading terror!! 


Reports suggest that earlier this week Israeli government websites were hit by a massive cyber attack from Iran! 😲

The communications ministry in Israel says that the attack, which is suspected to be a DDoS attack, blocked access to a number of websites in Israel, including websites that are critical to innocent people, like those of medical centers. The national cyber directorate of Israel also recently published a report stating that the quality and scale of cyber attacks coming from Iran have increased dramatically in the past year, which signals a worrying statement of intent from a regime that loves to cause terror.

This DDoS attack is further retaliation after Iran fired several ballistic missiles into Iraq in response to an Israeli strike that killed 2 IRGC officers in Syria recently.



Iran launched a missile strike into Iraq earlier this week 


When will this madness end?? 


 

Friday, March 11, 2022

Increase of Iranian cyber attacks on India! Deployment of deadly ransomware in schools!

Local media in India report that cyber attacks from Iran are on the rise. Local media reports indicate that schools and banks as well as government departments such as the police force and defense agencies have been severely targeted. This new wave of cyber attacks has been reported mainly in Kerala and New Delhi as well as in areas such as Bihar and West Bengal.

The Ministry of Home Affairs in India has said that experts are being pressured to accept the requests as a result of the ransomware attack because they are afraid of data being put on the dark web if they do not pay. This type of attack is called a Lock and Leak attack and is very popular with cyber criminals in the Iranian regime.

This follows a public warning that Google issued in 2021 about CharmingKitten, AKA APT35; I wrote a blog about it here. In that warning, Google said CharmingKitten was using phishing tools to collect data from innocent victims.


Google advisory of CharmingKitten in 2021 

India has always been accustomed to cyber threats from Pakistan and China, but now Iran has to intervene again illegally in another country! When will it stop??? 😤😤

Saturday, March 5, 2022

Iranian hacking group MuddyWater runs new cyber attack campaign in the shadow of Russia's invasion of Ukraine

 


Khamenei Loves War and Terror! 

Russia's invasion of Ukraine has now entered a full-scale cyber war 😢. Hacktivist group Anonymous has retaliated, taking out several key communication tools of Russia, but it has been reported by Hacker News and several other news outlets that Iran has now come to the aid of its ally Russia, with state-backed hacking group MuddyWater now increasing its activity 😡

In a joint US and UK release, multiple security agencies have put out a warning on MuddyWater, saying they are targeting government industries and small private businesses, including those in critical infrastructure and healthcare!



Manually Generated Telegram Beacon 


The MuddyWater hacking group steals data like passwords and online accesses, which is then passed to the disgusting regime controlling Iran and its allies, including Russia. They use tools such as a manually generated Beacon to harvest Telegram data, like the one above.



 

MuddyWater runs under Iran's Ministry of Intelligence (MOIS)

The US Cybersecurity and Infrastructure Security Agency (CISA) said in their report that MuddyWater is under the control of the Iranian Ministry of Intelligence and Security, otherwise known as MOIS. Iran is a staunch Russia ally and needs the support of Russia, especially now that it is increasing its nuclear program with JCPOA talks stalling.

Khamenei has not denounced the Russian military operation in Ukraine and has suggested the root cause of the war was the “mafia regime” of the US and the policies of Western powers.

CISA Report : https://www.cisa.gov/uscert/ncas/alerts/aa22-055a


End these evil dictatorships! We want Peace! #StandWithUkraine