The initial wave of CyberAv3ngers hacks, both real and fabricated, seems to have been part of a back-and-forth with another very active hacker group that is said to operate on behalf of Israeli military or intelligence. That rival group, called Predatory Sparrow, has continuously targeted Iran's important infrastructure systems while similarly hiding behind a hacktivist front. In 2021, it disabled more than 4,000 Iranian gas stations across the country. Later, in 2022, it set a steel factory on fire in perhaps the most destructive cyberattack in history. After CyberAv3ngers' 2023 hacking campaign, and the missile launched against Israel by Iranian-backed Houthi rebels, Predatory Sparrow took revenge again by disabling thousands of Iran's petrol stations in December of that year.
“Khamenei!” Predatory Sparrow posted on X, referring to Iran's supreme leader, in Farsi. “We will react against your evil provocation in the area.”
Predatory Sparrow's attacks were tightly focused on Iran. But CyberAv3ngers has not limited itself to Israeli targets, or even to Israeli-manufactured devices used in other countries. In April and May last year, Dragos said, the group breached a US oil and gas company, which Dragos declined to name, by compromising Sophos and Fortinet security devices. Dragos found that in the following months, the group scanned the internet for vulnerable industrial control devices and visited the websites of those devices' manufacturers to read about them.
After the attacks at the end of 2023, the US Treasury sanctioned six IRGC officials that it said were associated with the group, and the State Department put a $10 million bounty on their heads. But far from being deterred, CyberAv3ngers has instead shown signs of developing into a more widespread threat.
Last December, Claroty disclosed that CyberAv3ngers had infected many industrial control systems and internet-of-things (IoT) devices around the world using malware that it developed. The tool, which Claroty calls IOControl, is a Linux-based backdoor that hides its communications in MQTT, a protocol used by IoT devices. It has been planted on everything from routers to cameras to industrial control systems. Dragos said it had found devices infected by the group around the world, from the US to Europe to Australia.
According to Claroty and Dragos, the FBI took control of the command-and-control server for IOControl at the same time as Claroty's December report, neutralizing the malware.
“We are seeing CyberAv3ngers moving from the world of opportunism, where their entire goal is spreading a message, into the realm of a persistent threat,” Moshe said. In the IOControl hacking campaign, he added, “they want to be able to infect all the types of assets they identify as important and just leave their malware there as an option for the future.”
Exactly what the group may have been waiting for could be some strategic moment when the Iranian government could gain a geopolitical advantage from widespread digital disruption. But the group's actions show that it is no longer trying only to send a confrontational message against the actions of the Israeli army. Instead, Moshe argued, it is trying to gain the ability to disrupt foreign infrastructure at will.
“This is like a red button on their table. At a moment's notice, they want to be able to attack many different segments, many different industries, many different organizations, however they choose,” he said. “And they won't disappear.”