In the latest of our series of discussions on CyAN’s YouTube channel, in the “State of (Cyber)War” playlist about cyber conflict and cyber capabilities, Hugo Tarrida and John Salomon talk about the background and current state of cyber conflict in the Middle East.
We give an overview of some of the major state actors involved, and zero in on the structures, groups, and motivations of the two main regional adversaries – Iran and Israel.
Due to the volume of notes and supporting material, we’ve had to list them here instead of in the video description. Check out the video at https://youtu.be/X3wkTszRlck or watch it here:
06:05 Stuxnet https://en.wikipedia.org/wiki/Stuxnet – IEEE Spectrum (https://spectrum.ieee.org/the-real-story-of-stuxnet) and Wired (https://www.wired.com/2014/11/countdown-to-zero-day-stuxnet/) have two of the several good, detailed writeups of the attack.
14:34 National cybersecurity agencies, such as the Saudi National Cybersecurity Authority (NCA), have been taking this topic much more seriously, for example through preparedness exercises. In addition, various entities such as the GCC central banks have, over the past five years, increased at least their willingness to discuss cross-border cooperation and cybersecurity information sharing.
18:05 UAE involvement in the Sudanese civil war: https://adf-magazine.com/2024/01/uae-role-in-sudans-civil-war-draws-criticism/
18:07 For UAE involvement in the Yemeni civil war, we’ll leave it as an exercise to the listener to find good sources. All the ones we could dig up in a quick search were either horribly out of date, biased, or very limited in scope.
23:35 Numerous organizations, in fact – e.g. the Iranian Revolutionary Guard Corps’ Cyber-Electronic Command (IRGC-CEC). The following website has some interesting information on Iran’s cyber threat structure, although we cannot guarantee its impartiality or accuracy: https://www.unitedagainstnucleariran.com/iranian-cyber-threat-structure
25:44 Again, OilRig / Helix Kitten / APT34 is only one of many groups involved in attacks directed specifically at Israel. The recent war in Gaza has also caused a dramatic rise in attacks from Hezbollah and related actors, which are at the very least affiliated with Iran. Given the nature of tensions in the region, however, these are very far from the only groups involved.
33:36 There are multiple instances of cyberattacks on power infrastructure, Russian and otherwise. The specific example in question actually involved an attack on a local Russian power station: https://therecord.media/russian-alleged-hack-power-grid – Russian activity against the US power grid has been focused more on scouting and preparing for potential cyberattacks, for example via the Pipedream (also known as Incontroller) ICS malware toolkit: https://www.wired.com/story/pipedream-ics-malware/ This is part of a wider set of Russian activities and capabilities targeting adversaries’ power systems, including the BlackEnergy malware used in the December 2015 attack on the Ukrainian grid: https://www.cisa.gov/news-events/ics-alerts/ir-alert-h-16-056-01
34:00 Interestingly, the American Enterprise Institute (a center-right US think tank, YMMV) claims that numerous Shia clerics signed a letter calling for the punishment of “cybercriminals”; a very brief Google search failed to turn up the letter itself. What their definition of cybercriminality includes is left as an exercise to the viewer: https://www.aei.org/articles/iran-prosecute-cybercriminals/
35:59 Remember that “cyber warfare”, strictly speaking, also includes C4I (command, control, communications, computers, and intelligence) and other support and intelligence capabilities, not just 1337 h4x0rz.