
How are Iranian hackers utilizing Dropbox in a cyber-espionage campaign

Security vendor Cybereason recently published a report indicating that Iran's MalKamaki cyber threat group has operated in the wild and stayed undetected by using Dropbox's cloud storage service since 2018. Companies in the telecoms and aerospace industries were targeted, including those in the Middle East, Russia, and Europe.


Presentation Transcript


  1. How are Iranian hackers utilizing Dropbox in a cyber-espionage campaign? www.infosectrain.com | sales@infosectrain.com

  2. Security vendor Cybereason recently published a report indicating that Iran's MalKamaki cyber threat group has operated in the wild and stayed undetected by using Dropbox's cloud storage service since 2018. Companies in the telecoms and aerospace industries were targeted, including those in the Middle East, Russia, and Europe.

  3. Cybereason researchers Assaf Dahan, Daniel Frank, Tom Fakterman, and Chen Erlich wrote in the report that the intrusions are motivated by a cyberespionage campaign against a very small set of carefully selected targets. This is supported by the fact that very few samples have been detected in telemetry or in the wild since 2018, in contrast to commodity malware, which is widely distributed. "ShellClient," a Remote Access Trojan (RAT), is the primary tool the group uses to compromise systems and spread through networks undetected by antivirus software. One of the group's more interesting tactics is using Dropbox file storage as a command and control (C2) platform. By running checks every two seconds via the Dropbox API, the malware can be controlled and can transfer files without being detected by network monitoring tools. The report noted that the malware's C2 communications were quite unique, involving 'cold files' being saved to a remote Dropbox instead of a common interactive session. This method of communication is a form of operational security: using a public service like Dropbox undermines the ability to track the threat actors' infrastructure.

  4. One of the questions raised during the investigation was, "How far back can the malware be traced?" the researchers said. "First, it was assumed to have been developed recently since there was no publicly accessible documentation or anything like that." The code, however, indicates that the sample analyzed is version 4.0, which implies there are several previous versions. Are you also willing to learn more tricks, tools, concepts, threats, and attacks of cybersecurity? Then join InfosecTrain to get the best quality training. InfosecTrain is a leading provider of consultancy services, certifications, and training in information technology and cyber safety. Our accredited and skilled trainers will help you understand cybersecurity and information security and improve the skills needed. Not only do they give you the best training, but they will also expose you to new challenges that will be very helpful to you in the coming future. Enroll in our Cyber Security course today to experience the practical sessions and excellent training from the best trainers.

  5. About InfosecTrain • Established in 2016, we are one of the finest Security and Technology Training and Consulting companies • Wide range of professional training programs, certifications & consulting services in the IT and Cyber Security domain • High-quality technical services, certifications or customized training programs curated with professionals of over 15 years of combined experience in the domain

  6. Our Endorsements

  7. Why InfosecTrain • Global Learning Partners • Access to the recorded sessions • Certified and Experienced Instructors • Flexible modes of Training • Post training completion • Tailor Made Training

  8. Our Trusted Clients

  9. Contact us Get your workforce reskilled by our certified and experienced instructors! IND: 1800-843-7890 (Toll Free) / US: +1 657-722-11127 / UK : +44 7451 208413 sales@infosectrain.com www.infosectrain.com
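A detection sketch for the Dropbox API polling described in slide 3, added here as an example and not taken from the Cybereason report or the presentation: it flags processes other than the sanctioned sync client that call the Dropbox API at a short, near-constant interval, and generalizes beyond the two-second figure to any fixed period. The log format, host names, the process name `updsvc.exe` and the thresholds are assumptions constructed for illustration.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Real Dropbox API hostnames; the sanctioned client name is an assumption.
DROPBOX_API_HOSTS = {"api.dropboxapi.com", "content.dropboxapi.com"}
SANCTIONED_CLIENTS = {"dropbox.exe"}

def sample_log():
    """Constructed proxy lines: timestamp host process dest_host bytes_out."""
    day = "2024-01-15T09"
    rows = [f"{day}:00:{2 * i:02d} WS-017 updsvc.exe api.dropboxapi.com 310"
            for i in range(8)]                      # 2 s timer loop
    rows += [f"{day}:00:{2 * i:02d} WS-022 Dropbox.exe api.dropboxapi.com 900"
             for i in range(8)]                     # sanctioned sync client
    rows += [f"{day}:{m:02d}:{s:02d} WS-031 chrome.exe content.dropboxapi.com 5000"
             for m, s in [(0, 1), (0, 2), (0, 3), (4, 40), (4, 41), (9, 15)]]
    return rows                                     # last group: bursty browser use

def find_pollers(lines, min_events=6, max_period=10.0, max_jitter=0.2):
    """Return {(host, process): median_gap_seconds} for unsanctioned processes
    that call the Dropbox API at a short, near-constant interval."""
    seen = defaultdict(list)
    for line in lines:
        ts, host, proc, dest, _bytes = line.split()
        if dest.lower() in DROPBOX_API_HOSTS and proc.lower() not in SANCTIONED_CLIENTS:
            seen[(host, proc)].append(datetime.fromisoformat(ts))
    hits = {}
    for key, stamps in seen.items():
        if len(stamps) < min_events:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        period = statistics.median(gaps)
        # Jitter: spread of the gaps relative to the period. A timer loop is
        # steady; human-driven traffic is bursty.
        jitter = statistics.pstdev(gaps) / period if period > 0 else float("inf")
        if 0 < period <= max_period and jitter <= max_jitter:
            hits[key] = period
    return hits

if __name__ == "__main__":
    for (host, proc), period in find_pollers(sample_log()).items():
        print(f"{host} {proc}: Dropbox API call every {period:.1f}s")
```

Process names can be spoofed, so a production allowlist should key on the signed binary's path or hash instead of its name.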
