CyberAv3ngers: Iranian saboteurs penetrate water and gas systems all over the world



This initial wave of CyberAv3ngers hacking, whether real or fabricated, appears to be part of a back-and-forth with another aggressive hacker group that is widely believed to act on behalf of Israeli army or intelligence agencies. That competing group, known as Predatory Sparrow, has repeatedly targeted Iranian critical infrastructure systems while similarly hiding behind a hacktivist front. In 2021, it disrupted more than 4,000 Iranian gas stations all over the country. Then, in 2022, it set fire to a steel factory in the most destructive cyberattack in history. After the CyberAv3ngers campaign in late 2023, and the firing of missiles against Israel by the Iranian-backed Houthi rebels, Predatory Sparrow struck again by knocking out thousands of Iranian fuel stations in December of that year.

“Khamenei!” Predatory Sparrow wrote on X, referring to Iran’s supreme leader, in Persian. “We will interact with your evil provocations in the region.”

Predatory Sparrow's attacks were tightly focused on Iran. But CyberAv3ngers has not limited itself to Israeli targets, or even to Israeli-made devices in other countries. In April and May last year, Dragos says, the group breached an oil and gas company in the United States (Dragos declined to name it) by compromising the company’s Sophos and Fortinet devices. Dragos found that in the months that followed, the group was scanning the internet for vulnerable industrial control devices, as well as visiting websites for those devices to read about them.

After its attacks in late 2023, the US Treasury Department imposed sanctions on six IRGC officials it says were linked to the group, and the State Department put a $10 million bounty on their heads. But rather than being deterred, CyberAv3ngers has instead shown signs of developing into a more widespread threat.

Last December, Claroty revealed that CyberAv3ngers had infected a wide range of industrial control systems and internet-of-things (IoT) devices all over the world using a piece of malware that it had developed. The tool, which Claroty calls IOControl, was a Linux-based backdoor that hid its communications in a protocol known as MQTT, which is used by IoT devices. It was planted on everything from routers to cameras to industrial control systems. Dragos says it has found devices infected by the group worldwide, from the United States to Europe to Australia.

According to Claroty and Dragos, the FBI took control of the command-and-control server for IOControl at the same time that Claroty’s report was published in December, neutralizing the malware. (The FBI did not respond to WIRED's request for comment on the operation.) But the CyberAv3ngers hacking campaign is a serious development in the group’s tactics and motives, according to Noam Moshe, who tracks the group for Claroty.

“We see CyberAv3ngers moving from the world of opportunistic attackers, where their goal was to publish a message, into a constant threat world,” said Moshe. “They wanted to be able to infect all kinds of assets that they determine as decisive and leave harmful programs there as an option for the future.”

Exactly what the group might be waiting for, most likely some strategic moment when the Iranian government could gain a geopolitical advantage from causing wide-ranging digital disruption, is far from clear. However, the group's actions indicate that it no longer seeks to send a protest message against Israeli military actions. Instead, Moshe says, it is trying to gain the ability to disrupt foreign infrastructure at will.

He says: “This is like a red button on their desk. At a moment's notice they want to be able to attack many different sectors, many different industries, and many different organizations, however they choose.” “They do not go far.”


