Israeli Shipping, Logistics Companies Targeted in Watering Hole Attacks

Published: 23/11/2024   Category: security


Researchers say the Iranian nation-state actor known as Tortoiseshell could be behind the attacks.



At least eight Israeli websites have been targeted in a watering hole campaign that researchers say could be the work of an Iranian nation-state threat group.
The attack campaign, discovered by ClearSky Cyber Security, focuses on shipping and logistics companies. Once a site is infected, a malicious script collects preliminary user information.
ClearSky said it has a low-confidence specific attribution to the Tortoiseshell group out of Iran. The targeting of shipping and logistics companies aligns with Iran's history of cyberattacks against that sector over the past three years.
Previous Tortoiseshell attacks have been observed using both custom and off-the-shelf malware to target IT providers in Saudi Arabia in what appeared to be supply chain attacks with the end goal of compromising the IT providers' customers, the company claims. The threat actor has been active since at least July 2018.
ClearSky tied the C&C server used in the attacks to Tortoiseshell.
Watering hole attacks have been among the initial access vectors used most by Iranian threat actors since at least 2017. ClearSky researchers observed four domains impersonating jQuery; domain names impersonating jQuery were also deployed in a previous Iranian watering hole campaign in 2017.
Iranian threat actors traditionally have targeted Israeli websites in an attempt to collect data on logistics companies associated with shipping and healthcare. This latest website attack spotted by ClearSky is similar to an effort observed last year where an Iranian threat actor named UNC3890 was targeting shipping companies in Israel via a similar type of attack.
