An Iranian-affiliated hacking group has successfully breached the computer systems of 34 companies, with a staggering 32 of them being Israeli-based. This cyberattack was brought to light by researchers from ESET, an information security company, who released their findings on Monday.
The hackers employed a strategy of identifying and exploiting security vulnerabilities to carry out cyber espionage. In this particular instance, they utilized a "backdoor" entry point known as Sponsor to gain access to these companies' information systems.
The victims of this attack are diverse, spanning various industries, including automotive, engineering, financial services, communications, medicine, and technology. The names of the targeted companies cannot be disclosed at this time, as per ESET's statement. The victims outside of Israel are located in Brazil and the United Arab Emirates, but Israel remains the primary focus of the Iranian group known as Ballistic Bobcat, which operates under various aliases such as Charming Kitten, TA543, PHOSPHORUS, 35APT, and more.
Notably, the Iranian group wasn't the sole perpetrator of this attack. ESET researchers discovered that other hacking groups were involved in breaching the systems of at least 16 of the most recent victims.
The Iranian hackers followed a pattern of scanning and hacking, choosing their victims at random rather than targeting specific entities. They sought out vulnerable Microsoft Exchange servers connected to networks. In their latest attack, the hackers utilized configuration files stored on the computer's drive to gain entry through the backdoor. Adam Burger, the researcher who uncovered the Sponsor backdoor and analyzed Ballistic Bobcat's current campaign, emphasized that the group employed a diverse array of open-source tools and custom applications to avoid detection by scanning engines.
Burger also provided a recommendation for organizations that have fallen victim to such attacks: they should install security updates on all vulnerable systems connected to their network and exercise caution when installing new applications that may be susceptible to hacking.
According to ESET, Ballistic Bobcat was initially detected around two years ago and began launching attacks through the Sponsor backdoor in September 2021, primarily targeting Israeli organizations. During the COVID-19 pandemic, the group specifically targeted health organizations, including the World Health Organization (WHO), as well as medical researchers.