Lebanese Cedar, a Hezbollah-affiliated group, is accused of hacking atlas 250 telco operators and internet service providers in several countries, notably the US, Lebanon, the UK, Saudi Arabia, Israel, Egypt, Jordan, the UAE, and the Palestinian Authority,.
According to ClearSky Security, shady network activities and hacking tools were found, in early 2020, in a spectrum of companies.
“Comprehensive forensic research of the infected systems revealed a strong connection to a threat actor we call ‘Lebanese Cedar’, which has been operating since 2012,” the Cyber Security agency stated in their report published on Thursday.
According to the report, the Hezbollah-affiliated group’s aim is to gather intelligence and steal databases.
“The attacks followed a simple pattern. Lebanese Cedar operators used open-source hacking tools to scan the internet for unmatched Atlassian and Oracle servers, after which they deployed exploits to gain access to the server and install a web shell for future access,” ClearSky explained.
Adding that “the Hezbollah-linked group then used these web shells for attacks on a company’s internal network, from where they exfiltrated private documents.”
ClearSky revealed that, once the group got access, they installed web shells (ASPXSpy, Caterpillar 2, Mamad Warning), as well as an open-source tool named JSP file browser.
On internal networks, the attackers deployed a tool named the Explosive remote access trojan (RAT), specialised in data exfiltration, according to ClearSky.
ClearSky noted that they were able to link the hacks made by Hezbollah’s cyber unit because the Explosive RAT’s tool was until now exclusively used by the Lebanese Cedar group.
Mistakes made by the Hezbollah-affiliated group, such as reusing files during intrusions, also made it easier for ClearSky researchers to track the attacks across the globe and link them to the group.
ClearSky published a list of some of the victims of the hack, including SaudiNet in Saudi Arabia, Vodafone Egypt, Frontier Communications in the US, and Etisalat UAE.
Comprehensive details could be read in the cyber security’s report.
Our team works tirelessly to ensure Lebanese people have a reliable alternative to the politically-backed media outlets with their heavily-funded and dangerous propaganda machines. We've been detained, faced nonstop cyber attacks, censorship, attempted kidnapping, physical intimidation, and frivolous lawsuits draining our resources. Financial support from our readers keeps us fighting on your behalf. If you are financially able, please consider supporting The961's work. Support The961. Make a contribution now.