Iran-linked ‘Lord Nemesis’ group appears intent on intimidating Israeli organizations, report says


An Iranian state-backed hacking group recently infiltrated a company that makes academic administration software and used that access to intimidate other Israeli organizations, analysts said on Thursday.

The overall goal of the operation appeared to be hacktivism and not necessarily financial gain, according to OP Innovate, the Israeli company that investigated the incident.

In November, the attackers breached Rashim Software and then appeared to use credentials obtained in that incident to “infiltrate several of the company’s clients, including numerous academic institutes,” OP Innovate said.

Israeli cybersecurity companies have been closely monitoring Iranian state-backed hackers since Israel’s war in Gaza began in October 2023. Iran is a supporter of the Palestinian group Hamas.

OP Innovate is calling the group Lord Nemesis, given some of its graphic design choices.

“From their dramatic website, which features a sinister-looking dark lord, to their modus operandi, which involves silently infiltrating networks, exfiltrating data, and gradually releasing their findings to the global web, the group’s actions are calculated to maximize the psychological impact on their victims,” OP Innovate said.

Lord Nemesis overlaps with a previously identified group that other cybersecurity companies track as Nemesis Kitten, OP Innovate said. It’s one of several names given to Tehran-backed operations, including Cobalt Mirage, APT35 and Charming Kitten. The U.S. government referenced those and others in announcing sanctions and legal actions in 2022 against operations connected with Iran’s Islamic Revolutionary Guard Corps.

OP Innovate’s report does not specify how the attackers initially breached Rashim Software. But the intruders were able to expand to Rashim’s clients by circumventing the multi-factor authentication that the company provided them through Office365 emails, OP Innovate said.

As recently as March 4, the hackers were still reaching out to victims.

“Lord Nemesis, in an unusual move for a hacktivist group, provided an accurate description of the attack in an online post,” OP Innovate said. “This demonstrates their direct involvement and desire for public attribution, setting this incident apart from financially-motivated attacks typically carried out by cybercriminals.”


Joe Warminsky is the news editor for Recorded Future News. He has more than 25 years experience as an editor and writer in the Washington, D.C., area. Most recently he helped lead CyberScoop for more than five years. Prior to that, he was a digital editor at WAMU 88.5, the NPR affiliate in Washington, and he spent more than a decade editing coverage of Congress for CQ Roll Call.
