Chafer threat actor group: A deep understanding of the Iran-linked threat group’s high-prolific targets

  • Chafer has compromised several airlines and telecommunications companies in Middle Eastern countries such as Saudi Arabia and Afghanistan.
  • Chafer has used leaked NSA hacking tools including EternalBlue that are freely available on the public internet.

The Chafer hacking group, also known as APT39, is an advanced persistent threat group that has been active since July 2014. Chafer has been observed compromising web servers via SQL injection attacks in order to drop Backdoor.Remexi onto victims’ computers. Chafer primarily targets victims in Iran, followed by Middle Eastern countries and the United States.

Chafer linked to OilRig group

Experts noted that Chafer is linked to a group called OilRig, which has shared its C&C server and infection vectors with Chafer. Chafer has used leaked NSA hacking tools including EternalBlue that are freely available on the public internet.

Chafer targeted telecoms in the Middle East

In 2015, Chafer compromised several airlines and telecommunications companies in Middle Eastern countries such as Saudi Arabia and Afghanistan, while one organization was located in the US.

Backdoors used by Chafer

In 2019, Chafer targeted Windows machines located in Iran with the Remexi malware, which is capable of stealing user credentials, recording keystrokes and browser history, and taking screenshots on targeted machines. Researchers noted that the Chafer threat group uses the Remexi backdoor to steal usernames and passwords in order to propagate further across the network.

  • Chafer used the MechaFlounder backdoor to target a Turkish government firm in November 2018.
  • Apart from the Remexi and MechaFlounder backdoors, Chafer was also spotted using other backdoors such as SEAWEED, CACHEMONEY, and a specific variant of the POWBAT backdoor.

Furthermore, the Chafer threat group has exploited vulnerable web servers of targeted organizations in order to install web shells such as ANTAK and ASPXSPY, and has used stolen credentials to compromise externally facing Outlook Web Access (OWA) resources.
