By John Lee.
Russian cybersecurity firm Kaspersky Lab has said it has found evidence of attempts to compromise the information systems of foreign diplomatic entities in Iran:
“Throughout the autumn of 2018 we analyzed a long-standing (and still active at that time) cyber-espionage campaign that was primarily targeting foreign diplomatic entities based in Iran.
“The attackers were using an improved version of Remexi in what the victimology suggests might be a domestic cyber-espionage operation.
“This malware has previously been associated with an APT actor that Symantec calls Chafer.“
“The vast majority of the users targeted by this new variant of Remexi appear to have Iranian IP addresses. Some of these appear to be foreign diplomatic entities based in the country …
“Traditionally, Chafer has been focusing on targets inside Iran, although their interests clearly include other countries in the Middle East.“
(Source: Kaspersky Lab)