Introduction

If you were hoping for a peaceful autumn devoid of cyberattacks, then sit down for some bad news: an Iranian hacker group is going after Microsoft Exchange servers, exploiting the infamous ProxyLogon vulnerability to compromise target systems and steal extremely sensitive data.

They’ve already targeted more than 30 Israel-based companies, and successfully sabotaged over 20 of them, through malware that opens an illegal backdoor into their systems.

The hackers are calling themselves Ballistic Bobcat.

When Bobcats Attack

Since 2021, organizations have been discovering backdoors opened up by this malware. Ballistic Bobcat has been using this technique to spy on everyone from businesses to defense contractors, and even diplomats! Other sectors that have reported suspicious activity which experts believe to be linked to this same group include education, government, healthcare organizations and human rights activists.

How does it work? They try everything: spear phishing, watering holes, exploiting known vulnerabilities, and so on. Once they have gained access, they will typically install a backdoor or other malware that lets them maintain access to the network. They have also been known to use ransomware to encrypt victim data and demand a ransom payment.

In addition to Israel, Ballistic Bobcat has also been linked to similar attacks in the Middle East and even all the way in Brazil. Is it going to keep creeping up on new countries? Only time will tell.

Ballistic Bobcat has also been dubbed Charming Kitten, APT35 and Mint Sandstorm.

This hacker group has established itself as a serious threat to organizations in the Middle East and beyond. It is important for organizations all around the world to be aware of the threat actor’s activities and to take steps to protect themselves from similar attacks!

Conclusion

Keep yourself protected from any threats coming your way.

  • Implement a strong security awareness program to educate employees about phishing and other social engineering attacks.
  • Keep all software up to date, including operating systems, web browsers, and applications.
  • Use a firewall to block unauthorized traffic from entering the network.
  • Use intrusion detection and prevention systems (IDS/IPS) to monitor for malicious activity.
  • Back up data regularly so that it can be restored in the event of an attack.

By taking these steps, organizations can help to protect themselves from Ballistic Bobcat and other advanced persistent threat (APT) groups. APTs tend to be highly sophisticated and well-funded, so they are prepared to work steadily toward bigger, long-term goals. They can also cause significant damage to an organization, as demonstrated quite adeptly by Ballistic Bobcat in these past few years.

None of this is meant to make you worry. On the contrary, it’s to keep you up to date with the latest threats to your systems and data, so that you can make smarter and more effective decisions moving forward. Together we can keep our most confidential data, well, confidential!